Total
1195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15657 | 1 42gears | 1 Suremdm | 2024-02-28 | 1.9 LOW | 7.3 HIGH |
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | |||||
CVE-2018-5006 | 1 Adobe | 1 Experience Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2019-1679 | 1 Cisco | 2 Telepresence Conductor, Telepresence Video Communication Server | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM |
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected. | |||||
CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | |||||
CVE-2018-19651 | 1 Interspire | 1 Email Marketer | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. | |||||
CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | |||||
CVE-2018-19601 | 1 Rhymix | 1 Rhymix | 2024-02-28 | 6.5 MEDIUM | 9.1 CRITICAL |
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | |||||
CVE-2019-1003026 | 1 Jenkins | 1 Mattermost | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | |||||
CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Banking Platform and 9 more | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | |||||
CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | |||||
CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | |||||
CVE-2018-15895 | 1 Icmsdev | 1 Icms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | |||||
CVE-2019-1003020 | 1 Jenkins | 1 Kanboard | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | |||||
CVE-2018-5004 | 1 Adobe | 1 Experience Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | |||||
CVE-2018-18867 | 1 Tecrail | 1 Responsive Filemanager | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | |||||
CVE-2018-1000422 | 1 Atlassian | 1 Crowd2 | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | |||||
CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | |||||
CVE-2018-0399 | 1 Cisco | 1 Finesse | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. | |||||
CVE-2018-18753 | 1 Typecho | 1 Typecho | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. |