
7440 matches found

OSV
added 2020/07/01 5:15 p.m., 4 views

CVE-2020-14056

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...

9.8 CVSS, 7.4 AI score, 0.0133 EPSS
Exploits 0, References 2

RedHat Linux
added 2020/06/17 8:17 p.m., 1 view

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

6.3 CVSS, 6.9 AI score, 0.03679 EPSS
Exploits 0, References 5

OSV
added 2020/06/16 2:15 p.m., 4 views

CVE-2020-8544

OX App Suite through 7.10.3 allows SSRF...

6.5 CVSS, 6.6 AI score, 0.01064 EPSS
Exploits 2, References 2

OSV
added 2020/06/15 7:15 p.m., 3 views

CVE-2020-13650

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...

7.5 CVSS, 7.1 AI score
Exploits 0, References 1

OSV
added 2020/06/12 2:15 p.m., 1 view

CVE-2020-9643

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure...

7.5 CVSS, 7.1 AI score, 0.03294 EPSS
Exploits 0, References 1

OSV
added 2020/06/11 2:15 p.m., 1 view

CVE-2020-4101

"HCL Digital Experience is susceptible to Server Side Request Forgery."...

9.8 CVSS, 7.3 AI score, 0.01089 EPSS
Exploits 0, References 1

CNVD
added 2020/06/10 12:0 a.m., 5 views

Adobe Experience Manager server-side request forgery vulnerability (CNVD-2020-32612)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A server-side request forgery vulnerability exists in Adobe Experience Manager. An attacker could exploit this vulnerability to obtain sensitive...

7.5 CVSS, 6.7 AI score, 0.03294 EPSS
Exploits 0, References 1

OSV
added 2020/06/08 1:15 p.m., 2 views

CVE-2020-4529

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713...

7.4 CVSS, 7.1 AI score, 0.00821 EPSS
Exploits 0, References 2

OSV
added 2020/06/05 5:15 p.m., 2 views

DEBIAN-CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

6.3 CVSS, 6.3 AI score, 0.03679 EPSS
Exploits 0, References 1

OSV
added 2020/06/05 5:15 p.m., 0 views

UBUNTU-CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

6.3 CVSS, 6.7 AI score, 0.03679 EPSS
Exploits 0, References 4

CNVD
added 2020/06/03 12:0 a.m., 1 view

Google Kubernetes Cross-Site Request Forgery Vulnerability

Google Kubernetes is an open source Docker container cluster management system from the U.S. company Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability exists in...

6.3 CVSS, 7.3 AI score, 0.03679 EPSS
Exploits 0, References 1

Positive Technologies
added 2020/06/02 12:0 a.m., 5 views

PT-2020-20206

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.15.12; Kubernetes versions prior to 1.16.9; Kubernetes versions prior to 1.17.5; Kubernetes versions 1.0 through 1.14; Kubernetes version 1.18.0. Description: The issue allows certain authorized users to leak up to 500...

6.3 CVSS, 6.8 AI score, 0.03679 EPSS
Exploits 0, References 74

OSV
added 2020/05/14 4:15 p.m., 0 views

CVE-2020-4365

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964...

4.3 CVSS, 6.3 AI score
Exploits 0, References 2

BDU FSTEC
added 2020/05/07 12:0 a.m., 8 views

The vulnerability of the WordPress website content management system, related to server-side query manipulation, allows attackers to access sensitive data, compromise its integrity, and cause service interruptions.

The vulnerability of the WordPress website content management system is related to the SSRF request manipulation. This is because URL validation does not consider the interpretation of the name as a sequence of hexadecimal characters. Exploiting this vulnerability can allow an attacker to gain...

10 CVSS, 7.6 AI score, 0.05243 EPSS
Exploits 0, References 3, Affected Software 2

OSV
added 2020/04/17 8:15 p.m., 4 views

CVE-2020-11885

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user with admin console access can use the XML validator to make unintended network invocations such as SSRF via an uploaded file...

7.2 CVSS, 6.1 AI score, 0.00778 EPSS
Exploits 0, References 1

CNVD
added 2020/04/16 12:0 a.m., 7 views

IBM QRadar SIEM Server-Side Request Forgery Vulnerability (CNVD-2020-23049)

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM ha...

6.5 CVSS, 6.6 AI score, 0.01244 EPSS
Exploits 3, References 1

OSV
added 2020/04/15 4:15 p.m., 3 views

CVE-2020-4294

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404...

6.3 CVSS, 6.6 AI score, 0.01244 EPSS
Exploits 3, References 4

CNVD
added 2020/04/09 12:0 a.m., 4 views

GitLab EE/CE SSRF Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An SSRF vulnerability exists in GitLab EE/CE, which can b...

9.8 CVSS, 6.8 AI score, 0.01822 EPSS
Exploits 0, References 1

OSV
added 2020/04/02 4:15 p.m., 4 views

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5.3 CVSS, 5.8 AI score, 0.02732 EPSS
Exploits 3, References 4

OSV
added 2020/04/02 3:15 p.m., 2 views

CVE-2020-11451

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...

7.2 CVSS, 7.2 AI score, 0.02658 EPSS
Exploits 3, References 4