Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-9621 | 1 Zimbra | 1 Collaboration Server | 2024-08-04 | N/A |
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. | ||||
CVE-2019-9187 | 1 Ikiwiki | 1 Ikiwiki | 2024-08-04 | N/A |
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs. | ||||
CVE-2019-9174 | 1 Gitlab | 1 Gitlab | 2024-08-04 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. | ||||
CVE-2019-8156 | 1 Magento | 1 Magento | 2024-08-04 | 7.2 High |
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution. | ||||
CVE-2019-8151 | 1 Magento | 1 Magento | 2024-08-04 | 7.2 High |
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway. | ||||
CVE-2019-7923 | 1 Magento | 1 Magento | 2024-08-04 | N/A |
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. | ||||
CVE-2019-7913 | 1 Magento | 1 Magento | 2024-08-04 | N/A |
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. | ||||
CVE-2019-7911 | 1 Magento | 1 Magento | 2024-08-04 | N/A |
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. | ||||
CVE-2019-7892 | 1 Magento | 1 Magento | 2024-08-04 | N/A |
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | ||||
CVE-2019-7616 | 1 Elastic | 1 Kibana | 2024-08-04 | 4.9 Medium |
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. | ||||
CVE-2019-7652 | 1 Thehive-project | 1 Cortex-analyzers | 2024-08-04 | N/A |
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts. | ||||
CVE-2019-6981 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-08-04 | N/A |
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | ||||
CVE-2019-6970 | 1 Moodle | 1 Moodle | 2024-08-04 | N/A |
Moodle 3.5.x before 3.5.4 allows SSRF. | ||||
CVE-2019-6793 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 7.0 High |
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. | ||||
CVE-2019-6837 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2024-08-04 | 9.1 Critical |
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. | ||||
CVE-2019-6512 | 1 Wso2 | 1 Api Manager | 2024-08-04 | N/A |
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. | ||||
CVE-2019-6516 | 1 Wso2 | 1 Dashboard Server | 2024-08-04 | N/A |
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. | ||||
CVE-2019-5464 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 9.8 Critical |
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | ||||
CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-04 | N/A |
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | ||||
CVE-2019-3809 | 1 Moodle | 1 Moodle | 2024-08-04 | N/A |
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. |