Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-35850 | 1 Cockpit-project | 1 Cockpit | 2024-08-04 | 6.5 Medium | An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue."
CVE-2019-0345 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | N/A | A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery.
CVE-2019-0227 | 2 Apache, Oracle | 37 Axis, Agile Engineering Data Management, Agile Product Lifecycle Management Framework and 34 more | 2024-08-04 | 7.5 High | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug-fix commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue.
CVE-2020-36200 | 1 Kaspersky | 1 Tinycheck | 2024-08-04 | 6.5 Medium | TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to crafted URLs.
CVE-2020-35970 | 1 Yzmcms | 1 Yzmcms | 2024-08-04 | 7.5 High | An issue was discovered in YzmCMS 5.8. There is an SSRF vulnerability in the background collection management that allows arbitrary file read.
CVE-2020-35205 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-08-04 | 9.8 Critical | Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2024-08-04 | 9.8 Critical | Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
CVE-2020-35667 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 7.5 High | JetBrains TeamCity Plugin before 2020.2.85695 has an SSRF vulnerability that could potentially expose user credentials.
CVE-2020-35313 | 1 Wondercms | 1 Wondercms | 2024-08-04 | 9.8 Critical | A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
CVE-2020-28978 | 1 Canto | 1 Canto | 2024-08-04 | 5.3 Medium | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability that allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/tree.php?subdomain=SSRF.
CVE-2020-28977 | 1 Canto | 1 Canto | 2024-08-04 | 5.3 Medium | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability that allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/get.php?subdomain=SSRF.
CVE-2020-28976 | 1 Canto | 1 Canto | 2024-08-04 | 5.3 Medium | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability that allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/detail.php?subdomain=SSRF.
CVE-2020-28943 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-04 | 6.5 Medium | OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
CVE-2020-28735 | 1 Plone | 1 Plone | 2024-08-04 | 8.8 High | Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
CVE-2020-28360 | 1 Private-ip Project | 1 Private-ip | 2024-08-04 | 9.8 Critical | Insufficient RegEx in the private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges, resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques.
CVE-2020-28168 | 2 Axios, Siemens | 2 Axios, Sinec Ins | 2024-08-04 | 5.9 Medium | Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
CVE-2020-28043 | 1 Misp | 1 Misp | 2024-08-04 | 7.5 High | MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVE-2020-27624 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
CVE-2020-27626 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
CVE-2020-27197 | 2 Eclecticiq, Libtaxii Project | 2 Opentaxii, Libtaxii | 2024-08-04 | 9.8 Critical | TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group."
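Two of the entries above describe the same filter mistakes that recur across SSRF findings: the private-ip entry (CVE-2020-28360), where a regex over the host string misses reserved ranges, and the axios entry (CVE-2020-28168), where only the first URL is validated and a redirect lands on a restricted host. The Python below is an added example, not code from private-ip, axios or any product in the table. The weak regex, the hostnames (`public.example`, `rebind.example`), the addresses and the fake DNS and HTTP responses are all constructed for the demonstration; it shows the general fix (canonicalise the address before checking it, resolve names and check every answer, re-validate every redirect hop), not the specific patch either project shipped.

```python
import ipaddress
import re
import socket
from urllib.parse import urljoin, urlparse

# Deliberately weak check in the style of many SSRF filters: a regex over the
# literal host string. Constructed to show the failure class; not private-ip's pattern.
_NAIVE_PRIVATE = re.compile(
    r"^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|169\.254\.|localhost$|0\.0\.0\.0$)"
)
_CGNAT = ipaddress.ip_network("100.64.0.0/10")


def naive_is_private(host):
    return bool(_NAIVE_PRIVATE.match(host))


def canonical_ip(host):
    """Parse any address literal the OS resolver would accept; None for DNS names.

    IPv4 goes through inet_aton, which (glibc/BSD libc) also accepts the shorthand,
    octal, hex and single-integer forms a string regex never sees:
    '127.1', '0177.0.0.1', '0x7f.0.0.1', '2130706433' all become 127.0.0.1.
    """
    host = host.strip("[]")
    if ":" in host:  # IPv6 literal
        try:
            return ipaddress.ip_address(host)
        except ValueError:
            return None
    try:
        return ipaddress.ip_address(socket.inet_aton(host))  # packed 4 bytes
    except OSError:
        return None  # not an IPv4 literal in any spelling


def is_blocked_address(addr):
    """True for anything a user-supplied URL must never reach."""
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        addr = mapped
    if addr.version == 4 and addr in _CGNAT:
        return True
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def is_safe_url(url, resolve=None):
    """Allow only http(s) URLs whose canonical host address is public.

    resolve(name) -> list of address strings. Names are rejected outright when no
    resolver is given, and every returned address must pass (rebinding defence:
    the real client must then connect to exactly the address it validated).
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    addr = canonical_ip(parts.hostname)
    if addr is not None:
        return not is_blocked_address(addr)
    if resolve is None:
        return False
    answers = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
    return bool(answers) and not any(is_blocked_address(a) for a in answers)


_REDIRECTS = (301, 302, 303, 307, 308)


def fetch_following_redirects(url, fetch, resolve=None, max_hops=5):
    """fetch(url) -> (status, headers, body). The safety check runs on EVERY hop."""
    for _ in range(max_hops + 1):
        if not is_safe_url(url, resolve):
            raise ValueError("blocked: " + url)
        status, headers, body = fetch(url)
        if status in _REDIRECTS and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return status, body
    raise ValueError("too many redirects")


def fetch_checking_first_hop_only(url, fetch, resolve=None, max_hops=5):
    """The axios-style mistake: validate once, then follow redirects blindly."""
    if not is_safe_url(url, resolve):
        raise ValueError("blocked: " + url)
    for _ in range(max_hops + 1):
        status, headers, body = fetch(url)
        if status in _REDIRECTS and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return status, body
    raise ValueError("too many redirects")


# Constructed stand-ins for DNS and for an HTTP client (no network involved).
FAKE_DNS = {
    "public.example": ["1.2.3.4"],
    "rebind.example": ["1.2.3.4", "10.0.0.5"],  # one public answer, one internal
}
FAKE_HTTP = {
    "http://public.example/ok": (200, {}, b"hello"),
    "http://public.example/start": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"instance-credentials"),
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


def fake_fetch(url):
    return FAKE_HTTP[url]


def regex_bypasses():
    """Loopback spellings the naive regex passes but the canonical check blocks."""
    candidates = ["0177.0.0.1", "0x7f.0.0.1", "2130706433", "::ffff:127.0.0.1", "::1"]
    urls = {h: ("http://[%s]/" if ":" in h else "http://%s/") % h for h in candidates}
    return [h for h in candidates if not naive_is_private(h) and not is_safe_url(urls[h])]


def redirect_outcomes():
    """Same redirect chain through both clients: blocked per hop, leaked first-hop-only."""
    try:
        per_hop = fetch_following_redirects("http://public.example/start", fake_fetch, fake_resolve)
    except ValueError:
        per_hop = "blocked"
    first_only = fetch_checking_first_hop_only("http://public.example/start", fake_fetch, fake_resolve)
    return per_hop, first_only[1]
```

Two caveats a practitioner should carry over: `inet_aton`'s acceptance of octal, hex and integer forms is libc behaviour, so the canonicalisation must match the resolver the real HTTP client uses; and checking DNS answers is only meaningful if the connection is then pinned to the validated address, otherwise a second lookup between check and connect can be rebound to an internal host.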