Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2024-08-05 | N/A |
Jspxcms v9.0.0 allows SSRF. | ||||
CVE-2018-20497 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 5.0 Medium |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | ||||
CVE-2018-20499 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 7.2 High |
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | ||||
CVE-2018-20228 | 1 Subsonic | 1 Subsonic | 2024-08-05 | N/A |
Subsonic V6.1.5 allows CSRF via the streamUrl parameter of internetRadioSettings.view, with resultant SSRF. | ||||
CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 7.7 High |
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | ||||
CVE-2018-19601 | 1 Rhymix | 1 Rhymix | 2024-08-05 | N/A |
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | ||||
CVE-2018-19495 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. | ||||
CVE-2018-18867 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | ||||
CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | ||||
CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | ||||
CVE-2018-18569 | 1 Dundas | 1 Dundas Bi | 2024-08-05 | N/A |
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks. | ||||
CVE-2018-17452 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 9.8 Critical |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | ||||
CVE-2018-17450 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 4.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. | ||||
CVE-2018-17198 | 1 Apache | 1 Roller | 2024-08-05 | N/A |
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions: Roller relies on the Java SAX parser to implement its XML-RPC interface, and by default that parser supports external entities in the XML DOCTYPE, which opens Roller up to SSRF / File Enumeration. Note that this vulnerability exists even if the Roller XML-RPC interface is disabled via the Roller web admin UI. Mitigation: there are two ways to fix this vulnerability: (1) upgrade to the latest version of Roller, which is now 5.2.2; or (2) edit the Roller web.xml file and comment out the XML-RPC servlet mapping as follows: `<!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->` | ||||
CVE-2018-16794 | 1 Microsoft | 2 Active Directory Federation Services, Windows Server 2016 | 2024-08-05 | N/A |
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | ||||
CVE-2018-16793 | 1 Microsoft | 1 Exchange Server | 2024-08-05 | N/A |
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | ||||
CVE-2018-16409 | 1 Gogs | 1 Gogs | 2024-08-05 | N/A |
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | ||||
CVE-2018-16444 | 1 Seacms | 1 Seacms | 2024-08-05 | N/A |
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. | ||||
CVE-2018-15895 | 1 Icmsdev | 1 Icms | 2024-08-05 | N/A |
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | ||||
CVE-2018-15657 | 1 42gears | 1 Suremdm | 2024-08-05 | N/A |
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. |