9247 matches found

CVE
added 2020/03/20 8:12 p.m. | 136 views

CVE-2020-8138

CVE-2020-8138: Nextcloud Server is vulnerable to a Server-Side Request Forgery (SSRF) when subscribing to a malicious calendar URL due to a missing check for IPv4 nested inside IPv6. Affected versions are Nextcloud Server < 17.0.1, < 16.0.7, and

CVSS 6.5 | AI score 6.2 | EPSS 0.01395
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2020/03/20 7:15 p.m. | 20 views

CVE-2020-8135

The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems...

CVSS 9.8 | AI score 6.4
Exploits: 0 | References: 1
NVD
added 2020/03/20 7:15 p.m. | 18 views

CVE-2020-8135

The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems...

CVSS 9.8 | AI score 9.1 | EPSS 0.01328
Exploits: 1 | References: 1
Prion
added 2020/03/20 7:15 p.m. | 21 views

Server side request forgery (ssrf)

Server-side request forgery (SSRF) vulnerability in Ghost CMS 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems...

CVSS 5.5 | AI score 7.8 | EPSS 0.0122
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2020/03/20 7:15 p.m. | 15 views

Server side request forgery (ssrf)

The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems...

CVSS 7.5 | AI score 9.1 | EPSS 0.01328
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2020/03/20 6:26 p.m. | 139 views

CVE-2020-8134

CVE-2020-8134 corresponds to a Ghost CMS SSRF flaw in the code path prior to version 3.10.0. The issue allows an attacker to scan internal or external networks or interact with internal systems through server-side requests. This affects Ghost CMS deployments running versions earlier than 3.10.0; ...

CVSS 8.1 | AI score 7.7 | EPSS 0.0122
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2020/03/16 12:00 a.m. | 26 views

GLSA-202003-11 : SVG Salamander: Server-Side Request Forgery

The remote host is affected by the vulnerability described in GLSA-202003-11 (SVG Salamander: Server-Side Request Forgery). A Server-Side Request Forgery was discovered in SVG Salamander. Impact: An attacker, by sending a specially crafted SVG file, can conduct SSRF. Workaround: There is no known...

CVSS 7.4 | AI score 7.3 | EPSS 0.01992
Exploits: 0 | References: 2
Tenable Nessus
added 2020/03/16 12:00 a.m. | 22 views

GLSA-202003-09 : OpenID library for Ruby: Server-Side Request Forgery

The remote host is affected by the vulnerability described in GLSA-202003-09 (OpenID library for Ruby: Server-Side Request Forgery). It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact: A remote attacker could possibly change the URL used for...

CVSS 10 | AI score 8.2 | EPSS 0.02911
Exploits: 0 | References: 2
Gentoo Linux
added 2020/03/14 12:00 a.m. | 98 views

SVG Salamander: Server-Side Request Forgery

Background: SVG Salamander is a light weight SVG renderer and animator for Java. Description: A Server-Side Request Forgery was discovered in SVG Salamander. Impact: An attacker, by sending a specially crafted SVG file, can conduct SSRF. Workaround: There is no known workaround at this time. Resoluti...

CVSS 7.4 | AI score 1.1 | EPSS 0.01992
Exploits: 0
Gentoo Linux
added 2020/03/14 12:00 a.m. | 113 views

OpenID library for Ruby: Server-Side Request Forgery

Background: A Ruby library for verifying and serving OpenID identities. Description: It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact: A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the...

CVSS 10 | AI score 2.5 | EPSS 0.02911
Exploits: 0
OSV
added 2020/03/11 5:15 p.m. | 3 views

CVE-2020-8540

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

CVSS 9.8 | AI score 7.4 | EPSS 0.12476
Exploits: 0 | References: 1
Prion
added 2020/03/11 5:15 p.m. | 16 views

Server side request forgery (ssrf)

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

CVSS 7.5 | AI score 9.1 | EPSS 0.12476
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/03/11 4:15 p.m. | 22 views

CVE-2020-8540

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

AI score 9.3 | EPSS 0.12476
Exploits: 0 | References: 1
ATTACKERKB
added 2020/03/10 6:15 p.m. | 4 views

CVE-2019-13121

An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control...

CVSS 7.5 | AI score 5.6 | EPSS 0.009
Exploits: 0 | References: 5
NVD
added 2020/03/10 3:15 p.m. | 16 views

CVE-2019-12443

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks...

CVSS 9.8 | AI score 9.7 | EPSS 0.0121
Exploits: 0 | References: 2
Veracode
added 2020/03/10 4:47 a.m. | 17 views

Server-Side Request Forgery (SSRF)

ghost is vulnerable to server-side request forgery (SSRF). An attacker with the publisher role (editor, author, contributor, administrator) in a blog is able to exploit the vulnerability in the embed content module to make arbitrary GET requests on behalf of the server, allowing discovery of...

CVSS 8.1 | AI score 3.4 | EPSS 0.0122
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2020/03/09 12:00 a.m. | 21 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (62f2182c-5f7a-11ea-abb7-001b217b3468)

Gitlab reports: Directory Traversal to Arbitrary File Read; Account Takeover Through Expired Link; Server Side Request Forgery Through Deprecated Service; Group Two-Factor Authentication Requirement Bypass; Stored XSS in Merge Request Pages; Stored XSS in Merge Request Submission Form; Stored XSS in...

CVSS 9.8 | AI score 8.3 | EPSS 0.01383
Exploits: 0 | References: 3
Veracode
added 2020/03/03 5:40 a.m. | 21 views

Server-Side Request Forgery (SSRF)

uppy is vulnerable to server-side request forgery. The /get route calls a downloadURL without validating the url parameter, allowing an attacker to perform HTTP requests in the context of the server. This can result in the extracting of information from any internal resource...

CVSS 9.8 | AI score 1.1 | EPSS 0.01328
Exploits: 1 | References: 5 | Affected Software: 2
OwnCloud
added 2020/02/28 9:10 a.m. | 18 views

SSRF in "Add to your ownCloud" functionality – ownCloud

It is possible to force the ownCloud server to execute GET requests against a crafted URL on the internal or external network (Server Side Request Forgery) after receiving a public link-share URL. The criticality of this issue is lowered because the attacker can not see the result of the...

AI score 7
Exploits: 0 | Affected Software: 1
Prion
added 2020/02/21 9:15 p.m. | 22 views

Server side request forgery (ssrf)

OX App Suite through 7.10.2 allows SSRF...

CVSS 4 | AI score 5.2 | EPSS 0.00915
Exploits: 4 | References: 2 | Affected Software: 1