Total: 1064 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-24472 | 1 Qantumthemes | 2 Kentharadio, Onair2 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | The OnAir2 WordPress theme before 3.9.9.2 and the QT KenthaRadio WordPress plugin before 2.0.2 expose proxy functionality to unauthenticated users. Sending requests to this proxy makes the web server fetch and display the content from any URI, which allows SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) attacks on the website.
CVE-2020-28043 | 1 Misp | 1 Misp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVE-2021-22179 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM | A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to an SSRF attack through the Outbound Requests feature.
CVE-2020-15822 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 7.5 HIGH | 7.3 HIGH | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
CVE-2021-23927 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 5.5 MEDIUM | 6.4 MEDIUM | OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
CVE-2020-28735 | 1 Plone | 1 Plone | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
CVE-2021-21288 | 1 Carrierwave Project | 1 Carrierwave | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attackers to provide DNS entries or IP addresses that are intended for internal use and gather information about the intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
CVE-2020-5784 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs.
CVE-2021-26715 | 1 Mitreid | 1 Connect | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL | The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make an HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network.
CVE-2020-28977 | 1 Canto | 1 Canto | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/get.php?subdomain=SSRF.
CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH | Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH | This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a URL that will be passed to a PhantomJS instance, allowing for an SSRF attack.
CVE-2020-7126 | 1 Arubanetworks | 1 Airwave Glass | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM | A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-15002 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 4.0 MEDIUM | 5.0 MEDIUM | OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
CVE-2020-7749 | 1 Osm-static-maps Project | 1 Osm-static-maps | 2023-12-10 | 6.5 MEDIUM | 7.6 HIGH | This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code. Depending on the context, it will either be output as HTML on the page, which gives opportunity for XSS, or rendered on the server (puppeteer), which also gives opportunity for SSRF and Local File Read.
CVE-2020-17513 | 1 Apache | 1 Airflow | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks.
CVE-2020-24700 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM | OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
CVE-2019-14476 | 1 Adremsoft | 1 Netcrunch | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems.
CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL | Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
CVE-2020-8902 | 1 Google | 1 Rendertron | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a Rendertron headless Chrome process to render internal sites it has access to, and display them as a screenshot. Suggested mitigations are to upgrade Rendertron to version 3.0.0 or, if you cannot update, to secure the infrastructure to limit the headless Chrome's access to your internal domain.