SUSE CVE-2018-1000009
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
SUSE CVE-2018-1000012
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
SUSE CVE-2018-1000056
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
SUSE CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
SUSE CVE-2020-8118
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...
SUSE CVE-2020-8138
A missing check for IPv4 nested inside IPv6 in Nextcloud server 17.0.1, 16.0.7, and 15.0.14 allowed a Server-Side Request Forgery SSRF vulnerability when subscribing to a malicious calendar URL...
SUSE CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
SUSE CVE-2020-11988
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users...
SUSE CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
SUSE CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers e.g. adminer.php are affected. This is fixed in version 4.7.9...
SUSE CVE-2021-21342
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
SUSE CVE-2022-1379
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery SSRF. This allows accessing restricted internal resources/servers or...
SUSE CVE-2022-38648
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14...
CVE-2023-22936
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘searchlistener’ parameter in a search allows for a blind server-side request forgery SSRF by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within t...
CVE-2022-45085
Server-Side Request Forgery SSRF vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01...
Grup Arge Energy and Control Systems SmartPower Energy Management System Code Issue Vulnerability
Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed for improving energy efficiency in organizations. A security vulnerability exists in Grup Arge Energy and Control Systems SmartPower Energy Management...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to protected information or perform an SSRF attack.
The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or perform an SSRF attac...
PT-2023-14593 · Unknown · Smartpower Web
Name of the Vulnerable Software and Affected Versions: Smartpower Web versions prior to 23.01.01 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability. This vulnerability allows for Server Side Request Forgery. Recommendations: For versions prior to 23.01.01, updat...
CVE-2022-47872
A Server-Side Request Forgery SSRF in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module...