Total
922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1059 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | |||||
CVE-2020-5337 | 1 Rsa | 1 Archer | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
CVE-2020-12666 | 2 Fedoraproject, Go-macaron | 2 Fedora, Macaron | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. | |||||
CVE-2020-8559 | 1 Kubernetes | 1 Kubernetes | 2023-12-10 | 6.0 MEDIUM | 6.8 MEDIUM |
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. | |||||
CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
CVE-2020-8430 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. | |||||
CVE-2020-10775 | 2 Oracle, Redhat | 2 Virtualization, Ovirt-engine | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. | |||||
CVE-2020-8143 | 1 Revive-adserver | 1 Revive Adserver | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter. | |||||
CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | |||||
CVE-2020-10959 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. | |||||
CVE-2020-5627 | 1 Yodobashi | 1 Yodobashi | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
CVE-2020-1927 | 8 Apache, Broadcom, Canonical and 5 more | 14 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 11 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | |||||
CVE-2017-18897 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. | |||||
CVE-2019-19484 | 1 Centreon | 1 Centreon | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | |||||
CVE-2020-5409 | 1 Pivotal Software | 1 Concourse | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) | |||||
CVE-2020-14446 | 1 Wso2 | 2 Identity Server, Identity Server As Key Manager | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. | |||||
CVE-2019-12783 | 1 Verint | 1 Impact 360 | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. | |||||
CVE-2020-3178 | 1 Cisco | 1 Content Security Management Appliance | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. | |||||
CVE-2020-4409 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2023-12-10 | 5.8 MEDIUM | 8.2 HIGH |
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537. | |||||
CVE-2020-12283 | 1 Sourcegraph | 1 Sourcegraph | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. |