Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19613 | 1 Flycms Project | 1 Flycms | 2024-08-04 | 7.5 High |
| Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | ||||
| CVE-2020-17513 | 1 Apache | 1 Airflow | 2024-08-04 | 5.3 Medium |
| In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. | ||||
| CVE-2020-16171 | 1 Acronis | 1 Cyber Backup | 2024-08-04 | 6.5 Medium |
| An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. | ||||
| CVE-2020-15879 | 1 Bitwarden | 1 Server | 2024-08-04 | 7.5 High |
| Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | ||||
| CVE-2020-15819 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium |
| JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | ||||
| CVE-2020-15823 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 7.5 High |
| JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | ||||
| CVE-2020-15822 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 7.3 High |
| In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | ||||
| CVE-2020-15809 | 1 Spinetix | 11 Diva, Diva Firmware, Dsos and 8 more | 2024-08-04 | 6.5 Medium |
| spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd. | ||||
| CVE-2020-15772 | 1 Gradle | 1 Enterprise | 2024-08-04 | 4.9 Medium |
| An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery. | ||||
| CVE-2020-15594 | 1 Zohocorp | 1 Application Control Plus | 2024-08-04 | 4.3 Medium |
| An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed. | ||||
| CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2024-08-04 | 9.8 Critical |
| Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | ||||
| CVE-2020-15152 | 1 Ftp-srv Project | 1 Ftp-srv | 2024-08-04 | 9.1 Critical |
| ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory. | ||||
| CVE-2020-15002 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-04 | 5.0 Medium |
| OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. | ||||
| CVE-2020-14328 | 1 Redhat | 1 Ansible Tower | 2024-08-04 | 3.3 Low |
| A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-14327 | 1 Redhat | 1 Ansible Tower | 2024-08-04 | 5.5 Medium |
| A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response. | ||||
| CVE-2020-14296 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-04 | 7.1 High |
| Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. | ||||
| CVE-2020-14160 | 1 Thecodingmachine | 1 Gotenberg | 2024-08-04 | 7.5 High |
| An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. | ||||
| CVE-2020-14056 | 1 Monstaftp | 1 Monsta Ftp | 2024-08-04 | 9.8 Critical |
| Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services. | ||||
| CVE-2020-14044 | 1 Codiad | 1 Codiad | 2024-08-04 | 7.2 High |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | ||||
| CVE-2020-14023 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-08-04 | 4.9 Medium |
| Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. | ||||