
9247 matches found

RedhatCVE
added 2020/08/03 1:44 p.m. | 38 views

CVE-2020-14296

A Server-Side Request Forgery flaw was found in Red Hat CloudForms where malicious requests can be sent from the vulnerable server. An attacker with the privileges to add Ansible Tower provider could inject URLs with port details or with internal IPs to observe internal network. Mitigation...

CVSS 5.5 | AI score 1.3 | EPSS 0.00643
Exploits: 0 | References: 3

IBM Security Bulletins
added 2020/07/27 3:8 p.m. | 26 views

Security Bulletin: WebSphere Application Server shipped with IBM Cloud Pak for Applications is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)

Summary WebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 5.3 | AI score 2.7 | EPSS 0.01398
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 19 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4365)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 5.3 | AI score 2.8 | EPSS 0.01398
Exploits: 0 | Affected Software: 1

NVD
added 2020/07/20 3:15 p.m. | 31 views

CVE-2020-8205

The uppy npm package 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...

CVSS 7.5 | AI score 7.4 | EPSS 0.0119
Exploits: 1 | References: 1

Prion
added 2020/07/20 3:15 p.m. | 22 views

Server side request forgery (ssrf)

The uppy npm package 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...

CVSS 5 | AI score 7.3 | EPSS 0.0119
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2020/07/20 3:0 p.m. | 67 views

CVE-2020-8205

CVE-2020-8205 affects the uppy npm package prior to 1.13.2 and prior to 2.0.0-alpha.5, introducing a Server-Side Request Forgery (SSRF) vulnerability that can be used to probe local/external networks or interact with internal systems. The issue is associated with the @uppy/companion context in re...

CVSS 7.5 | AI score 7.3 | EPSS 0.0119
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/07/20 3:0 p.m. | 41 views

CVE-2020-8205

The uppy npm package 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...

AI score 7.4 | EPSS 0.0119
Exploits: 1 | References: 1

Veracode
added 2020/07/16 5:56 a.m. | 27 views

Server-Side Request Forgery (SSRF)

github.com/goharbor/harbor is vulnerable to server-side request forgery SSRF. The vulnerability exists due to a legacy endpoint to test webhook, allowing an attacker with permissions to edit projects to perform a port scan of hosts within the internal network...

CVSS 4.3 | AI score 2.1 | EPSS 0.01278
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2020/07/16 12:0 a.m. | 52 views

Oracle WebCenter Portal Multiple Vulnerabilities (Jul 2020 CPU)

Binary data oraclewebcenterportalcpujul2020.nbin...

CVSS 9.8 | AI score 8 | EPSS 0.86503
Exploits: 7 | References: 7

RedhatCVE
added 2020/07/14 6:44 p.m. | 27 views

CVE-2020-14328

A flaw was found in Ansible Tower. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest...

CVSS 2.1 | AI score 2 | EPSS 0.0024
Exploits: 0 | References: 3

RedhatCVE
added 2020/07/14 6:44 p.m. | 32 views

CVE-2020-14327

A Server-side request forgery SSRF flaw was found in Tower. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test featur...

CVSS 2.1 | AI score 2.4 | EPSS 0.00249
Exploits: 0 | References: 3

NVD
added 2020/07/14 1:15 p.m. | 19 views

CVE-2020-6282

SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...

CVSS 5.8 | EPSS 0.01148
Exploits: 0 | References: 2

Prion
added 2020/07/14 1:15 p.m. | 24 views

Server side request forgery (ssrf)

SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...

CVSS 5 | AI score 5.6 | EPSS 0.01148
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2020/07/14 12:30 p.m. | 51 views

CVE-2020-6282

CVE-2020-6282 affects SAP NetWeaver AS JAVA (IIOP service) in SERVERCORE and CORE-TOOLS across SAP NetWeaver JAVA versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The vulnerability enables Server-Side Request Forgery (SSRF) by sending a crafted request from a vulnerable web application, typical...

CVSS 5.8 | AI score 5.6 | EPSS 0.01148
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2020/07/13 12:0 a.m. | 42 views

TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities

The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in Typo3's form engine component due to improper validation of user-supplied input before...

CVSS 10 | AI score 7.2 | EPSS 0.0199
Exploits: 0 | References: 8

Cvelist
added 2020/07/09 5:20 p.m. | 17 views

CVE-2020-14170

Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability...

AI score 4.7 | EPSS 0.00829
Exploits: 0 | References: 1

Hacker One
added 2020/07/03 2:28 p.m. | 17 views

Engel & Völkers Technology GmbH: XXE on www.publish.engelvoelkers.com

Summary: An XML External Entities vulnerability has been found on www.publish.engelvoelkers.com:8443. Initially a GET request was made to /dp/services and that returned a 500 Error with some XML data. Changing the HTTP request method to POST with some XML data produced a different response, so it...

AI score 6.6
Exploits: 0

CNVD
added 2020/07/02 12:0 a.m. | 7 views

Monsta FTP Server-Side Request Forgery Vulnerability

Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A server-side request forgery vulnerability exists in Monsta FTP 2.10.1 and earlier versions, which stems from the program's insufficient restriction of Web crawling...

CVSS 9.8 | AI score 6.6 | EPSS 0.0133
Exploits: 0 | References: 1

CNVD
added 2020/07/02 12:0 a.m. | 10 views

Atlassian Jira Server-Side Request Forgery Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A server-side request forgery vulnerability exists in Atlassian Jira versions prior to 8.7.0. A remote attacker can exploit this...

CVSS 5.3 | AI score 6.7 | EPSS 0.00998
Exploits: 0 | References: 1

RedHat Linux
added 2020/07/01 6:46 p.m. | 4 views

grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL

An SSRF incorrect access control vulnerability was found in Grafana regarding the avatar feature, allowing any unauthenticated user or client to make Grafana send HTTP requests to any URL and then return its result to the user or client. Additionally, the same issue can create a NULL pointer...

CVSS 8.2 | AI score 7.1 | EPSS 0.99856
Exploits: 5 | References: 6