Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10372 | 1 Jenkins | 1 Gitlab Oauth | 2024-08-04 | 6.1 Medium |
| An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | ||||
| CVE-2019-10255 | 1 Jupyter | 2 Jupyterhub, Notebook | 2024-08-04 | N/A |
| An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. | ||||
| CVE-2019-10133 | 1 Moodle | 1 Moodle | 2024-08-04 | N/A |
| A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. | ||||
| CVE-2019-10117 | 1 Gitlab | 1 Gitlab | 2024-08-04 | N/A |
| An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. | ||||
| CVE-2019-10098 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Jboss Core Services and 1 more | 2024-08-04 | 6.1 Medium |
| In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | ||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2024-08-04 | N/A |
| GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | ||||
| CVE-2019-9837 | 1 Openid | 1 Openid Connect | 2024-08-04 | N/A |
| Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow. | ||||
| CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-08-04 | N/A |
| An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). | ||||
| CVE-2019-8791 | 1 Apple | 1 Shazam | 2024-08-04 | 6.1 Medium |
| An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect. | ||||
| CVE-2019-7416 | 1 Opentext | 1 Documentum Webtop | 2024-08-04 | N/A |
| XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | ||||
| CVE-2019-7275 | 1 Optergy | 2 Enterprise, Proton | 2024-08-04 | 6.1 Medium |
| Optergy Proton/Enterprise devices allow Open Redirect. | ||||
| CVE-2019-6780 | 1 Kaine | 1 Wise Chat | 2024-08-04 | N/A |
| The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. | ||||
| CVE-2019-6741 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2024-08-04 | 9.3 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476. | ||||
| CVE-2019-6021 | 1 Ricoh | 1 Limedio | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2019-6020 | 1 Alfasado | 1 Powercms | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2019-6035 | 1 Yahoo | 1 Athenz | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | ||||
| CVE-2019-6025 | 1 Sixapart | 1 Movable Type | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2019-6004 | 1 Fujixerox | 2 Apeosware Management Suite, Apeosware Management Suite 2 | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2019-5978 | 1 Cybozu | 1 Garoon | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | ||||
| CVE-2019-6009 | 1 Ss-proj | 1 Shirasagi | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||