Lucene search
K

343 matches found

RedHat Linux
RedHat Linux
added 2021/10/11 8:6 a.m.8 views

httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...

9CVSS7.1AI score0.99999EPSS
Exploits5References5
OSV
OSV
added 2021/10/06 8:15 p.m.3 views

CVE-2021-34706

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper handling...

5.4CVSS5.9AI score0.00714EPSS
Exploits0References1
OSV
OSV
added 2021/08/30 6:15 p.m.3 views

CVE-2021-22026

The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...

7.5CVSS5.8AI score0.01128EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.4 views

XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS7.5AI score0.46826EPSS
Exploits1References4
OSV
OSV
added 2021/03/15 10:15 p.m.4 views

UBUNTU-CVE-2021-20280

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

5.4CVSS7.2AI score0.01277EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/01/20 4:38 a.m.8 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

6.5CVSS7.1AI score0.01478EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/12/30 12:0 a.m.2 views

PT-2020-16409 · Medikoo · Uri.Js

Name of the Vulnerable Software and Affected Versions: URI.js versions prior to 1.19.4 Description: The hostname can be spoofed by using a backslash character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage an...

6.5CVSS6.6AI score0.0169EPSS
Exploits0References10
OSV
OSV
added 2020/10/06 6:15 p.m.6 views

CVE-2020-7740

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...

8.2CVSS7.2AI score0.02044EPSS
Exploits0References2
OSV
OSV
added 2020/01/23 1:15 p.m.5 views

CVE-2019-19835

SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/rcmdstat.jsp URI...

7.5CVSS7.2AI score0.01778EPSS
Exploits1References3
CNVD
CNVD
added 2020/01/13 12:0 a.m.4 views

Apache Olingo SSRF Attack Vulnerability

Apache Olingo is a U.S. Apache Apache Software Foundation for the implementation of Open Data Protocol OData, Open Data Protocol Java library. Apache Olingo SSRF attack vulnerability can be exploited by an attacker to trick a client into connecting to a malicious server, then the server can cause...

7.5CVSS6.9AI score0.0283EPSS
Exploits0References1
OSV
OSV
added 2019/07/03 8:15 p.m.4 views

CVE-2019-12852

An SSRF attack was possible on a JetBrains YouTrack server. The issue 1 of 2 was fixed in JetBrains YouTrack 2018.4.49168...

9.8CVSS5.8AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/25 8:13 a.m.4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Cross-site scripting in the additional processing of Customize Item function CWE-79 - CVE-2019-5928 Cross-site scripting in the application "Memo" CWE-79 - CVE-2019-5929 Browse restriction bypass in th...

9.8CVSS7.3AI score0.02138EPSS
Exploits0References71
BDU FSTEC
BDU FSTEC
added 2019/01/22 12:0 a.m.6 views

The vulnerability of the MailConnect function in the software controller allows for an SSRF attack by the intruder, enabling them to carry out a malicious action. This vulnerability is present in the D-Link Central WiFi Manager, a device used for centralized control of wireless networks.

The vulnerability of the MailConnect function in the D-Link Central WiFi Manager software control panel exists due to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

6.5CVSS7.5AI score0.44101EPSS
Exploits3References3
CNVD
CNVD
added 2019/01/11 12:0 a.m.4 views

CloudBees Jenkins Crowd 2 Integration Plugin Server Request Forgery Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks.Crowd 2 Integration Plugin is used in which a Authentication Plugin. A...

6.5CVSS6.8AI score0.00769EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 3:29 p.m.4 views

CVE-2018-1000820

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity XXE vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c...

10CVSS5.8AI score0.01873EPSS
Exploits0References2
OSV
OSV
added 2018/12/19 11:29 a.m.7 views

CVE-2018-20228

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...

8CVSS5.8AI score0.0042EPSS
Exploits3References1
Debian CVE
Debian CVE
added 2018/08/20 7:0 p.m.47 views

CVE-2018-1000652

JabRef version =4.3.1 contains a XML External Entity XXE vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This...

10CVSS9.4AI score0.01937EPSS
Exploits0
OSV
OSV
added 2018/07/12 4:29 p.m.5 views

CVE-2018-12463

An XML external entity XXE vulnerability in Fortify Software Security Center SSC, version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

9.8CVSS5.9AI score0.13849EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2018/05/01 4:29 p.m.3 views

CVE-2018-8939

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can submit specially crafted requests via the NmAPI executable to 1 gain unauthorized access to the WhatsUp Gold system, 2 obtain information about the WhatsUp Gold system, or 3 execute remote...

9.8CVSS5.7AI score0.01443EPSS
Exploits0References2
OSV
OSV
added 2018/01/17 2:29 p.m.5 views

CVE-2017-16865

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access...

5.3CVSS5.8AI score0.00689EPSS
Exploits0References1
Rows per page
Query Builder