Total: 1167 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-8151 | 1 Magento | 1 Magento | 2019-11-07 | 6.5 MEDIUM | 7.2 HIGH | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway. |
CVE-2019-4262 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-10-30 | 5.0 MEDIUM | 5.3 MEDIUM | IBM QRadar SIEM 7.2 and 7.3 are vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014. |
CVE-2019-18355 | 1 Thycotic | 1 Secret Server | 2019-10-30 | 7.5 HIGH | 9.8 CRITICAL | An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. |
CVE-2019-17400 | 1 Universal Office Converter Project | 1 Universal Office Converter | 2019-10-23 | 5.0 MEDIUM | 7.5 HIGH | The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. |
CVE-2017-18638 | 1 Graphite Project | 1 Graphite | 2019-10-21 | 5.0 MEDIUM | 7.5 HIGH | send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. |
CVE-2019-14225 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-16 | 5.5 MEDIUM | 5.4 MEDIUM | OX App Suite 7.10.1 and 7.10.2 allows SSRF. |
CVE-2016-7051 | 1 Fasterxml | 1 Jackson-dataformat-xml | 2019-10-10 | 5.0 MEDIUM | 8.6 HIGH | XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. |
CVE-2019-3809 | 1 Moodle | 1 Moodle | 2019-10-09 | 7.5 HIGH | 10.0 CRITICAL | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. |
CVE-2019-1872 | 1 Cisco | 1 Telepresence Video Communication Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. |
CVE-2019-11897 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2019-10-09 | 5.0 MEDIUM | 8.6 HIGH | A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server. |
CVE-2018-7516 | 1 Geutebrueck | 4 G-cam/efd-2250, G-cam/efd-2250 Firmware, Topfd-2125 and 1 more | 2019-10-09 | 7.5 HIGH | 7.3 HIGH | A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. |
CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2019-10-09 | 7.5 HIGH | 10.0 CRITICAL | Incorrect parsing in url-parse <1.4.3 returns the wrong hostname, which leads to multiple vulnerabilities such as SSRF, Open Redirect, and Bypass Authentication Protocol. |
CVE-2018-1789 | 1 Ibm | 1 Api Connect | 2019-10-09 | 6.5 MEDIUM | 9.9 CRITICAL | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. |
CVE-2018-0403 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. |
CVE-2018-0399 | 1 Cisco | 1 Finesse | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL | Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. |
CVE-2018-0398 | 1 Cisco | 1 Finesse | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL | Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018. |
CVE-2017-6036 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM | A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination. |
CVE-2017-18036 | 1 Atlassian | 1 Bitbucket | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM | The GitHub repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. |
CVE-2017-15886 | 1 Synology | 1 Chat | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. |
CVE-2017-12071 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. |