Total
918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1220 | 1 Microsoft | 9 Edge, Windows 10, Windows 7 and 6 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | |||||
| CVE-2020-12699 | 1 Dkd | 1 Direct Mail | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. | |||||
| CVE-2020-3337 | 1 Cisco | 1 Umbrella | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2023-12-10 | 4.0 MEDIUM | 4.7 MEDIUM |
| A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
| CVE-2020-4048 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2023-12-10 | 4.9 MEDIUM | 5.7 MEDIUM |
| In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2020-1997 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | |||||
| CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-6266 | 1 Sap | 1 Fiori | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
| SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | |||||
| CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | |||||
| CVE-2013-2764 | 1 United-security-providers | 1 Secure Entry Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default. | |||||
| CVE-2019-14857 | 1 Openidc | 1 Mod Auth Openidc | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. | |||||
| CVE-2019-19775 | 1 Zulip | 1 Zulip Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | |||||
| CVE-2018-1002102 | 2 Fedoraproject, Kubernetes | 2 Fedora, Kubernetes | 2023-12-10 | 2.1 LOW | 2.6 LOW |
| Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet. | |||||
| CVE-2019-19758 | 1 Lenovo | 4 Ez Media \& Backup Center Ix2, Ez Media \& Backup Center Ix2-dl, Ez Media \& Backup Center Ix2-dl Firmware and 1 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page. | |||||
| CVE-2019-6020 | 1 Alfasado | 1 Powercms | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2019-17151 | 1 Tencent | 1 Wechat | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302. | |||||
| CVE-2018-18288 | 1 Crushftp | 1 Crushftp | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. | |||||
| CVE-2016-1000108 | 2 Debian, Yaws | 2 Debian Linux, Yaws | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
| CVE-2019-6021 | 1 Ricoh | 1 Limedio | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2019-20479 | 4 Debian, Fedoraproject, Openidc and 1 more | 4 Debian Linux, Fedora, Mod Auth Openidc and 1 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | |||||