9247 matches found

NVD
added 2020/08/17 10:15 p.m. · 8 views

CVE-2020-15152

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

CVSS 9.1 · AI score 8.9 · EPSS 0.01859
Exploits: 0 · References: 3
OSV
added 2020/08/17 10:15 p.m. · 7 views

CVE-2020-15152

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

CVSS 9.1 · AI score 8.9
Exploits: 0 · References: 3
Prion
added 2020/08/17 10:15 p.m. · 15 views

Server side request forgery (ssrf)

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

CVSS 5 · AI score 8.8 · EPSS 0.01859
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2020/08/17 9:55 p.m. · 27 views

CVE-2020-15152 Server-Side Request Forgery in ftp-srv

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

CVSS 9.1 · AI score 8.9 · EPSS 0.01859
Exploits: 0 · References: 3
CVE
added 2020/08/17 9:55 p.m. · 55 views

CVE-2020-15152

CVE-2020-15152 affects the ftp-srv npm package. It allows Server-Side Request Forgery via the PORT command, enabling the server to connect to arbitrary IPs. Affected versions are before 2.19.6, 3.1.2, and 4.3.4. Remediation: upgrade to 2.19.6, 3.1.2, 4.3.4 or later. A workaround noted in advisori...

CVSS 9.1 · AI score 8.9 · EPSS 0.01859
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2020/08/17 12:0 a.m. · 3 views

PT-2020-20038 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 3.2.10 phpBB versions prior to 3.3.1 Description: A vulnerability exists that allows the remote image dimensions check to be used for Server-Side Request Forgery SSRF. Recommendations: For versions prior to 3.2.10,...

CVSS 5.8 · AI score 5.5 · EPSS 0.00966
Exploits: 0 · References: 14
OSV
added 2020/08/13 6:54 p.m. · 28 views

GHSA-9M4X-8W29-R78G Server-Side Request Forgery in @uppy/companion

The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...

CVSS 7.5 · AI score 7.5 · EPSS 0.0119
Exploits: 1 · References: 4
GitHub Security Blog
added 2020/08/13 6:54 p.m. · 55 views

Server-Side Request Forgery in @uppy/companion

The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...

CVSS 7.5 · AI score 5.1 · EPSS 0.0119
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2020/08/13 2:15 p.m. · 18 views

CVE-2020-13286

For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery...

CVSS 4.3 · AI score 6.6 · EPSS 0.00745
Exploits: 0 · References: 3
UbuntuCve
added 2020/08/13 2:15 p.m. · 16 views

CVE-2020-13286

For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery...

CVSS 6.4 · AI score 5.8 · EPSS 0.00745
Exploits: 0 · References: 2
CVE
added 2020/08/13 1:30 p.m. · 53 views

CVE-2020-13286

CVE-2020-13286 affects GitLab before 13.0.12, 13.1.6, and 13.2.3. The issue allows attackers to modify user-controlled git configuration settings, leading to a Server-Side Request Forgery (SSRF). The root cause is not elaborated beyond the described configuration manipulation. Exploitation detail...

CVSS 6.4 · AI score 4.3 · EPSS 0.00745
Exploits: 0 · References: 3 · Affected Software: 1
Debian CVE
added 2020/08/13 1:30 p.m. · 23 views

CVE-2020-13286

Removed by vendor...

CVSS 6.4 · AI score 5.8 · EPSS 0.00745
Exploits: 0
Prion
added 2020/08/11 2:15 p.m. · 18 views

Server side request forgery (ssrf)

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery SSRF flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible...

CVSS 5.5 · AI score 7 · EPSS 0.00643
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2020/08/11 1:14 p.m. · 38 views

CVE-2020-14296

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery SSRF flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible...

AI score 7.5 · EPSS 0.00643
Exploits: 0 · References: 2
CVE
added 2020/08/11 1:14 p.m. · 69 views

CVE-2020-14296

CVE-2020-14296 affects Red Hat CloudForms 4.7 and 5 with a Server-Side Request Forgery (SSRF) flaw exposed when adding an Ansible Tower provider. The issue allows an attacker to issue crafted requests from the vulnerable CloudForms server to scan or attack internal systems not normally accessible...

CVSS 7.1 · AI score 6.8 · EPSS 0.00643
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2020/08/09 5:15 p.m. · 6 views

CVE-2020-16248

Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...

CVSS 5.8 · AI score 5.5
Exploits: 0 · References: 5
Prion
added 2020/08/08 9:15 p.m. · 26 views

Server side request forgery (ssrf)

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports...

CVSS 5 · AI score 5.3 · EPSS 0.01444
Exploits: 0 · References: 2 · Affected Software: 1
RedHat Linux
added 2020/08/06 2:34 p.m. · 2 views

CloudForms: Server-Side Request Forgery (SSRF) in Ansible Tower Provider

A Server-Side Request Forgery flaw was found in Red Hat CloudForms where malicious requests can be sent from the vulnerable server. An attacker with the privileges to add Ansible Tower provider could inject URLs with port details or with internal IPs to observe internal network...

CVSS 7.1 · AI score 5.7 · EPSS 0.00643
Exploits: 0 · References: 4
Tenable Nessus
added 2020/08/06 12:0 a.m. · 37 views

RHEL 8 : CloudForms 5.0.7 update (Critical) (RHSA-2020:3358)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3358 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

CVSS 9.1 · AI score 6.8 · EPSS 0.02515
Exploits: 0 · References: 46
OpenVAS
added 2020/08/05 12:0 a.m. · 21 views

Openfire < 4.4.3 Multiple Vulnerabilities

Openfire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...

CVSS 9.8 · AI score 6.5 · EPSS 0.32304
Exploits: 1 · References: 3