
9242 matches found

RedHat Linux
added 2019/09/27 12:13 a.m., 143 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update

An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 10, AI score 7.5, EPSS 0.49727
Exploits 10, References 21
NVD
added 2019/09/26 3:15 p.m., 16 views

CVE-2019-4262

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014...

CVSS 5.3, AI score 5.2, EPSS 0.00954
Exploits 0, References 2
Cvelist
added 2019/09/26 3:5 p.m., 13 views

CVE-2019-4262

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014...

CVSS 5.3, AI score 5.2, EPSS 0.00954
Exploits 0, References 2
GithubExploit
added 2019/09/26 5:6 a.m., 77 views

Exploit for Server-Side Request Forgery in Atlassian Jira_Server

CVE-2019-8451 Jira unauthenticated SSRF vulnerability python usage python CVE-2019...

CVSS 6.5, AI score 6.8, EPSS 0.94453
Exploits 2
Prion
added 2019/09/25 6:15 p.m., 17 views

Server side request forgery (ssrf)

In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0, 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request...

CVSS 5, AI score 5.3, EPSS 0.01102
Exploits 0, References 2, Affected Software 16
Cvelist
added 2019/09/17 7:15 p.m., 13 views

CVE-2019-6837

A Server-Side Request Forgery SSRF: CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...

AI score 9.1, EPSS 0.00988
Exploits 0, References 1
CVE
added 2019/09/17 7:15 p.m., 115 views

CVE-2019-6837

CVE-2019-6837 describes a Server-Side Request Forgery (SSRF) in Schneider Electric’s U.motion Server family (MEG6501-0001 U.motion KNX server; MEG6501-0002 U.motion KNX Server Plus; MEG6260-0410 U.motion KNX Server Plus; Touch 10; MEG6260-0415 Touch 15). The flaw allows an attacker to cause the s...

CVSS 9.1, AI score 9, EPSS 0.00988
Exploits 0, References 1, Affected Software 1
Prion
added 2019/09/11 2:15 p.m., 30 views

Server side request forgery (ssrf)

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class...

CVSS 6.4, AI score 6.3, EPSS 0.94453
Exploits 2, References 1, Affected Software 1
CVE
added 2019/09/11 1:56 p.m., 140 views

CVE-2019-8451

CVE-2019-8451 affects Jira Server before 8.4.0 with an SSRF in the /plugins/servlet/gadgets/makeRequest endpoint due to a logic bug in JiraWhitelist. An attacker can cause Jira to fetch internal resources and return their responses, enabling access to internal network content. The weakness is pre...

CVSS 6.5, AI score 6.4, EPSS 0.94453
In wild; Exploits 2, References 1, Affected Software 1
NVD
added 2019/09/05 2:15 a.m., 22 views

CVE-2019-12632

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker...

CVSS 7.5, AI score 6.1, EPSS 0.0156
Exploits 0, References 1
OSV
added 2019/09/05 2:15 a.m., 4 views

CVE-2019-12633

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...

CVSS 7.5, AI score 6.3, EPSS 0.01515
Exploits 0, References 1
Prion
added 2019/09/05 2:15 a.m., 22 views

Server side request forgery (ssrf)

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...

CVSS 5, AI score 7.5, EPSS 0.01515
Exploits 0, References 1, Affected Software 1
Prion
added 2019/09/05 2:15 a.m., 17 views

Server side request forgery (ssrf)

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker...

CVSS 5, AI score 7.5, EPSS 0.0156
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/09/05 1:15 a.m., 30 views

CVE-2019-12632 Cisco Finesse Request Processing Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker...

CVSS 5.3, AI score 7.6, EPSS 0.0156
Exploits 0, References 1
Cvelist
added 2019/09/05 1:15 a.m., 23 views

CVE-2019-12633 Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...

CVSS 5.3, AI score 7.6, EPSS 0.01515
Exploits 0, References 1
FreeBSD
added 2019/08/29 12:0 a.m., 34 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Kubernetes Integration Server-Side Request Forgery Server-Side Request Forgery in Jira Integration Improved Protection Against Credential Stuffing Attacks Markdown Clientside Resource Exhaustion Pipeline Status Disclosure Group Runner Authorization Issue CI Metrics Disclosure User...

CVSS 9.8, AI score 1, EPSS 0.03073
Exploits 3, References 1
Tenable Nessus
added 2019/08/27 12:0 a.m., 37 views

Cisco TelePresence VCS / Expressway Series < 12.5 REST API Server-Side Request Forgery Vulnerability

According to its self-reported version number, the Cisco TelePresence VCS or Expressway Series on the remote host contains a vulnerability in the web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software that could allow an authenticated, remote attacker t...

CVSS 5, AI score 5.8, EPSS 0.02125
Exploits 0, References 3
Tenable Nessus
added 2019/08/27 12:0 a.m., 26 views

Cisco TelePresence Conductor REST API Server-Side Request Forgery Vulnerability

According to its self-reported version number, the remote Cisco TelePresence Conductor device is affected by a server-side request forgery vulnerability which could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. Note that an attacker...

CVSS 5, AI score 5.6, EPSS 0.02125
Exploits 0, References 3
NVD
added 2019/08/21 6:15 p.m., 18 views

CVE-2019-11897

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to rea...

CVSS 8.6, AI score 8.4, EPSS 0.01782
Exploits 0, References 1
Cvelist
added 2019/08/21 5:9 p.m., 20 views

CVE-2019-11897 Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to rea...

CVSS 8.6, AI score 8.4, EPSS 0.01782
Exploits 0, References 1