XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...
Synology Download Station Code Issue Vulnerability
Synology Download Station is a download management tool for Synology. A server-side request forgery vulnerability exists in the Synology Download Station task management component, which can be exploited by remote attackers to submit a special request to obtain sensitive information...
Synology Media Server Code Issue Vulnerability
Synology Media Server provides multimedia services for browsing and playing multimedia contents in Synology NAS via DLNA/UPnP home devices. A server-side request forgery vulnerability exists in the cgi component of Synology Media Server versions prior to 1.8.3-2881. A remote attacker can exploit...
CVE-2021-20483
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery SSRF. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591...
UBUNTU-CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
CVE-2020-15377
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery SSRF...
Adobe Experience Manager Code Issue Vulnerability
Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A server-side request forgery vulnerability exists in Adobe Experience Manager. An attacker could exploit this vulnerability to bypass security...
UBUNTU-CVE-2021-22214
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited...
Vembu BDR Suite Cross-Site Request Forgery Vulnerability
Vembu BDR Suite is a virtual machine management system. A code issue vulnerability exists in Vembu BDR Suite that stems from allowing unauthenticated SSRF via a GET request that specifies a hostname and port number. No detailed vulnerability details are available at this time...
PT-2021-3299 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server versions prior to 16.0.10372.20060 Description: The issue is related to insufficient input validation in Microsoft SharePoint Server, allowing a remote attacker to perform spoofing attacks using a specially crafted...
openSUSE Security Update : xstream (openSUSE-2021-832)
This update for xstream fixes the following issues : - Upgrade to 1.4.16 - CVE-2021-21351: remote attacker to load and execute arbitrary code bsc1184796 - CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources bsc1184797 - CVE-2021-21350: arbitrary code executi...
YzmCMS Code Issue Vulnerability
YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed solely by Yuan Zhimeng. A server-side request forgery vulnerability exists in the back-end collection management of YzmCMS 5.8; an attacker can use the vulnerability to read any file...
Security update for xstream (important)
openSUSE Security Update: Security update for xstream Announcement ID: openSUSE-SU-2021:0832-1 Rating: important References: 1184372 1184373 1184374 1184375 1184376 1184377 1184378 1184379 1184380 1184796 1184797 Cross-References: CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344...
CVE-2021-20346
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595...
CVE-2021-20343
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593...
SUSE-SU-2021:1840-1 Security update for xstream
This update for xstream fixes the following issues: - Upgrade to 1.4.16 - CVE-2021-21351: remote attacker to load and execute arbitrary code bsc1184796 - CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources bsc1184797 - CVE-2021-21350: arbitrary code executio...
Django Code Issue Vulnerability
Django is the Django Foundation's open source web application framework based on the Python language. The framework includes an object-relational mapper, view system, template system, and more. Django suffers from a code issue vulnerability that stems from the authenticator accepting leadin...
CVE-2021-33184
Server-Side request forgery SSRF vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors...
IBM Jazz Foundation Code Issue Vulnerability
IBM Jazz Foundation is a software development collaboration platform for IBM Rational products. A server-side request forgery vulnerability exists in IBM Jazz Foundation. An attacker could exploit this vulnerability to send unauthorized requests from the system, which could allow network...