Total: 1167 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-38203 | Esri | Portal For Arcgis | 2023-01-09 | N/A | 7.5 HIGH | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter; a different issue than CVE-2022-38211 and CVE-2022-38212. |
CVE-2022-38211 | Esri | Portal For Arcgis | 2023-01-09 | N/A | 7.5 HIGH | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter; a different issue than CVE-2022-38203 and CVE-2022-38212. |
CVE-2022-38212 | Esri | Portal For Arcgis | 2023-01-09 | N/A | 7.5 HIGH | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter; a different issue than CVE-2022-38211 and CVE-2022-38203. |
CVE-2022-23544 | Metersphere | Metersphere | 2023-01-05 | N/A | 6.1 MEDIUM | MeterSphere is a one-stop open source continuous testing platform covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting: an SSRF in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources and to execute JavaScript code in the context of MeterSphere's origin in the browser of a victim of the resulting reflected XSS. Fixed in v2.5.0; there are no known workarounds. |
CVE-2022-45429 | Dahuasecurity | Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2023-01-05 | N/A | 7.5 HIGH | Some Dahua software products have a server-side request forgery (SSRF) vulnerability. An attacker can access internal resources by crafting URLs that conform to specific rules. |
CVE-2022-37313 | Open-xchange | Open-xchange Appsuite | 2023-01-04 | N/A | 5.3 MEDIUM | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record; a hostname that resolves to a public address first and an internal address second passes the check. |
CVE-2022-47635 | Wildix | Wms | 2023-01-03 | N/A | 9.8 CRITICAL | Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS 4 before 4.04.45396.23 allow Server-Side Request Forgery (SSRF) via ZohoClient.php. |
CVE-2022-42343 | Adobe, Linux, Microsoft | Campaign, Linux Kernel, Windows | 2022-12-21 | N/A | 6.5 MEDIUM | Adobe Campaign versions 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation does not require user interaction. |
CVE-2022-41949 | Dhis2 | Dhis 2 | 2022-12-12 | N/A | 4.3 MEDIUM | DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request that instructs the server to make requests to external resources (such as third-party servers). This could allow an attacker, for example, to identify vulnerable services that are not otherwise exposed to the public internet, or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time there is no known workaround or mitigation. |
CVE-2022-46830 | Jetbrains | Teamcity | 2022-12-12 | N/A | 5.3 MEDIUM | In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. |
CVE-2022-31188 | Cvat | Cvat | 2022-12-08 | N/A | 9.8 CRITICAL | CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 are subject to a Server-Side Request Forgery (SSRF) vulnerability. Validation has been added to the URLs used in the affected code path in version 2.0.0. Users are advised to upgrade; there are no known workarounds. |
CVE-2020-14044 | Codiad | Codiad | 2022-12-06 | 6.5 MEDIUM | 7.2 HIGH | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php, potentially resulting in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." |
CVE-2022-41412 | Perfsonar | Perfsonar | 2022-12-02 | N/A | 8.6 HIGH | An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and perform Server-Side Request Forgery (SSRF) attacks. |
CVE-2019-6837 | Schneider-electric | Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2022-11-30 | 6.4 MEDIUM | 9.1 CRITICAL | A Server-Side Request Forgery (SSRF), CWE-918, vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. |
CVE-2022-4096 | Appsmith | Appsmith | 2022-11-23 | N/A | 6.5 MEDIUM | Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. |
CVE-2022-42894 | Siemens | Syngo Dynamics Cardiovascular Imaging And Information System | 2022-11-21 | N/A | 7.5 HIGH | A vulnerability has been identified in syngo Dynamics (all versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed by the syngo Dynamics application that could allow the leaking of NTLM credentials as well as local service enumeration. |
CVE-2022-43183 | Xuxueli | Xxl-job | 2022-11-21 | N/A | 8.8 HIGH | XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. |
CVE-2022-41609 | Wordplus | Better Messages | 2022-11-21 | N/A | 8.8 HIGH | Authenticated (subscriber role or higher) Server-Side Request Forgery (SSRF) vulnerability in the Better Messages WordPress plugin, version 1.9.10.68. |
CVE-2022-39383 | Linuxfoundation | Kubevela | 2022-11-18 | N/A | 6.5 MEDIUM | KubeVela is an open source application delivery platform. Users of the VelaUX APIServer could be affected by this vulnerability. When a Helm chart is used as the component delivery method, the chart repository URL supplied in the request is not restricted, which leaves a blind SSRF vulnerability. Users on v1.6 should update to v1.6.1; users on v1.5 should update to v1.5.8. There are no known workarounds for this issue. |
CVE-2022-43140 | Keking | Kkfileview | 2022-11-18 | N/A | 7.5 HIGH | kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests by injecting crafted URLs into the `url` parameter. |
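Most entries above share one root cause: a URL supplied by the user is fetched by the server with no, or incomplete, validation of where it points. The OX App Suite entry (CVE-2022-37313) shows the subtler failure, a check that exists but inspects only the first DNS record. The following is an added example, not code from any vendor or project listed on this page: a minimal Python validator that contrasts the first-record-only pattern with one that validates every A/AAAA record and returns the single address the caller is allowed to connect to. The hostnames, the in-memory DNS table and the addresses are constructed for the example so it runs offline; a real deployment would pass in a resolver built on `socket.getaddrinfo`.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS table standing in for a real resolver (names and addresses
# are invented for this example). "mixed.example" answers with a public
# address first and loopback second: exactly the record layout that slips
# past a check which stops at the first A/AAAA record.
FAKE_DNS = {
    "public.example":   ["93.184.216.34"],
    "mixed.example":    ["93.184.216.34", "127.0.0.1"],
    "internal.example": ["10.0.0.5"],
    "dual.example":     ["2606:2800:220:1:248:1893:25c8:1946", "fe80::1"],
}


def fake_resolve(host: str) -> list[str]:
    """Stand-in for getaddrinfo(): returns every address record for host."""
    return list(FAKE_DNS.get(host.lower(), []))


def is_blocked(ip: str) -> bool:
    """True for any address a user-controlled outbound fetch must not reach."""
    addr = ipaddress.ip_address(ip)
    # ::ffff:127.0.0.1 is loopback in disguise; unwrap IPv4-mapped IPv6 first
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global is False for private, loopback, link-local (incl. the cloud
    # metadata range), shared/CGNAT, documentation and reserved ranges;
    # multicast is excluded explicitly because it is not covered by is_global
    return (not addr.is_global) or addr.is_multicast


def weak_check(url: str, resolve=fake_resolve) -> bool:
    """The flawed pattern: validate only the first resolved record."""
    host = urlsplit(url).hostname
    records = resolve(host) if host else []
    return bool(records) and not is_blocked(records[0])


def hardened_check(url: str, resolve=fake_resolve):
    """
    Returns the single address the caller may connect to, or None.
    Rejects unless the scheme is http(s), the host resolves, and EVERY
    record is public. The caller must open the socket to the returned
    address (sending the original hostname in Host/SNI) instead of
    resolving again, and must re-run this check on every redirect target.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname
    try:
        ipaddress.ip_address(host)          # literal IP: no DNS involved
        records = [host]
    except ValueError:
        records = resolve(host)
    if not records or any(is_blocked(r) for r in records):
        return None
    return records[0]


if __name__ == "__main__":
    for u in ("http://public.example/", "http://mixed.example/",
              "http://internal.example/", "http://[::ffff:127.0.0.1]/",
              "http://dual.example/", "file:///etc/passwd"):
        print(f"{u:32} weak={weak_check(u)!s:5} hardened={hardened_check(u)}")
```

Returning the validated address, rather than a yes/no verdict, is the design point: if the HTTP client resolves the hostname a second time on its own, a short-TTL record can change between the check and the connect (DNS rebinding), and the check is worth nothing. Redirects need the same treatment, since a public host can answer `302 Location: http://10.0.0.5/` and the client will follow it unless each hop is re-validated.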