Total
1256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9187 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs. | |||||
| CVE-2019-9174 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. | |||||
| CVE-2019-8982 | 1 Wavemaker | 1 Wavemarker Studio | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. | |||||
| CVE-2019-8451 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | |||||
| CVE-2019-8156 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution. | |||||
| CVE-2019-8151 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway. | |||||
| CVE-2019-7923 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. | |||||
| CVE-2019-7913 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. | |||||
| CVE-2019-7911 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. | |||||
| CVE-2019-7892 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | |||||
| CVE-2019-7652 | 1 Thehive-project | 1 Cortex-analyzers | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts. | |||||
| CVE-2019-7616 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. | |||||
| CVE-2019-6981 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | |||||
| CVE-2019-6970 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| Moodle 3.5.x before 3.5.4 allows SSRF. | |||||
| CVE-2019-6837 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. | |||||
| CVE-2019-6793 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
| An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. | |||||
| CVE-2019-6516 | 1 Wso2 | 1 Dashboard Server | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. | |||||
| CVE-2019-6512 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. | |||||
| CVE-2019-6257 | 1 Std42 | 1 Elfinder | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php. | |||||
| CVE-2019-5725 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. | |||||