Total
962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4849 | 1 Ibm | 1 Tivoli Netcool\/impact | 2020-12-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 190294. | |||||
| CVE-2020-27816 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2020-12-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7. | |||||
| CVE-2020-26215 | 2 Debian, Jupyter | 2 Debian Linux, Notebook | 2020-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. | |||||
| CVE-2020-15242 | 1 Vercel | 1 Next.js | 2020-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain. The issue is fixed in version 9.5.4. | |||||
| CVE-2020-26232 | 1 Jupyter | 1 Jupyter Server | 2020-12-02 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. | |||||
| CVE-2020-28726 | 1 Seeddms | 1 Seeddms | 2020-12-02 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php. | |||||
| CVE-2020-28724 | 1 Palletsprojects | 1 Werkzeug | 2020-12-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | |||||
| CVE-2020-15300 | 1 Salesagility | 1 Suitecrm | 2020-12-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. | |||||
| CVE-2016-10742 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2020-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | |||||
| CVE-2020-26219 | 1 Touchbase.ai Project | 1 Touchbase.ai | 2020-11-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0. | |||||
| CVE-2018-1000671 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2020-11-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. | |||||
| CVE-2020-24551 | 1 Iproom | 1 Mmc\+ | 2020-10-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials. | |||||
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2020-10-22 | 5.8 MEDIUM | 8.1 HIGH |
| When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. | |||||
| CVE-2018-3819 | 1 Elastic | 1 Kibana | 2020-10-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
| CVE-2017-8451 | 1 Elastic | 1 Kibana | 2020-10-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
| CVE-2016-10365 | 1 Elastic | 1 Kibana | 2020-10-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. | |||||
| CVE-2020-4409 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2020-09-28 | 5.8 MEDIUM | 8.2 HIGH |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537. | |||||
| CVE-2020-5627 | 1 Yodobashi | 1 Yodobashi | 2020-09-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2020-24554 | 1 Liferay | 1 Liferay Portal | 2020-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist. | |||||
| CVE-2020-5623 | 1 Nitori | 1 Nitori | 2020-09-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||