Total
1548 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21649 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.1 High |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | ||||
| CVE-2020-21122 | 1 Ureport Project | 1 Ureport | 2024-11-21 | 5.3 Medium |
| UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | ||||
| CVE-2020-20582 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 7.5 High |
| A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. | ||||
| CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 7.5 High |
| YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | ||||
| CVE-2020-1925 | 2 Apache, Redhat | 2 Olingo, Jboss Fuse | 2024-11-21 | 7.5 High |
| Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker. | ||||
| CVE-2020-19613 | 1 Flycms Project | 1 Flycms | 2024-11-21 | 7.5 High |
| Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | ||||
| CVE-2020-16248 | 1 Prometheus | 1 Blackbox Exporter | 2024-11-21 | 5.8 Medium |
| Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability | ||||
| CVE-2020-16171 | 1 Acronis | 1 Cyber Backup | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. | ||||
| CVE-2020-15879 | 1 Bitwarden | 1 Server | 2024-11-21 | 7.5 High |
| Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | ||||
| CVE-2020-15823 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | ||||
| CVE-2020-15822 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.3 High |
| In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | ||||
| CVE-2020-15819 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | ||||
| CVE-2020-15809 | 1 Spinetix | 11 Diva, Diva Firmware, Dsos and 8 more | 2024-11-21 | 6.5 Medium |
| spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd. | ||||
| CVE-2020-15772 | 1 Gradle | 1 Enterprise | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery. | ||||
| CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2024-11-21 | 9.8 Critical |
| Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | ||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2024-11-21 | 7.1 High |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | ||||
| CVE-2020-15152 | 1 Ftp-srv Project | 1 Ftp-srv | 2024-11-21 | 9.1 Critical |
| ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory. | ||||
| CVE-2020-15002 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 Medium |
| OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. | ||||
| CVE-2020-14328 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 3.3 Low |
| A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-14327 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.5 Medium |
| A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response. | ||||