Total
1047 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7055 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. | |||||
| CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
| CVE-2018-8801 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | |||||
| CVE-2014-3990 | 1 Opencart | 1 Opencart | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
| CVE-2017-14323 | 1 Onethink | 1 Onethink | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | |||||
| CVE-2017-18036 | 1 Atlassian | 1 Bitbucket | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2018-1000138 | 1 I-librarian | 1 I Librarian | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | |||||
| CVE-2018-9302 | 1 Getcockpit | 1 Cockpit | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4. | |||||
| CVE-2018-1000054 | 1 Jenkins | 1 Ccm | 2023-12-10 | 6.5 MEDIUM | 8.3 HIGH |
| Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2017-18096 | 1 Atlassian | 1 Application Links | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
| The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. | |||||
| CVE-2018-1000055 | 1 Jenkins | 1 Android Lint | 2023-12-10 | 6.5 MEDIUM | 8.3 HIGH |
| Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2017-6201 | 1 Sandstorm | 1 Sandstorm | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly. | |||||
| CVE-2018-5752 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | |||||
| CVE-2018-1000184 | 1 Jenkins | 1 Github | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-6186 | 1 Citrix | 1 Netscaler | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. | |||||
| CVE-2017-11291 | 1 Adobe | 1 Connect | 2023-12-10 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | |||||
| CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | |||||
| CVE-2017-16865 | 1 Atlassian | 1 Jira | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
| The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. | |||||
| CVE-2017-1000139 | 1 Mahara | 1 Mahara | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. | |||||
| CVE-2017-0907 | 1 Recurly | 1 Recurly Client .net | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | |||||