Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10770 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2024-08-04 | 5.3 Medium |
| A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. | ||||
| CVE-2020-10791 | 1 It-novum | 1 Openitcockpit | 2024-08-04 | 6.5 Medium |
| app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. | ||||
| CVE-2020-10252 | 1 Owncloud | 1 Owncloud | 2024-08-04 | 8.3 High |
| An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack. | ||||
| CVE-2020-10212 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-04 | 9.8 Critical |
| upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the PATH_INFO. Also, an attacker could create a DNS hostname that resolves to the 0.0.0.0 IP address for DNS pinning. NOTE: this issue exists because of an incomplete fix for CVE-2018-14728. | ||||
| CVE-2020-10077 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 9.8 Critical |
| GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | ||||
| CVE-2020-9643 | 1 Adobe | 1 Experience Manager | 2024-08-04 | 7.5 High |
| Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-9645 | 1 Adobe | 1 Experience Manager | 2024-08-04 | 7.5 High |
| Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-9298 | 1 Spinnaker | 1 Orca | 2024-08-04 | 7.5 High |
| The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. | ||||
| CVE-2020-9427 | 1 Open-xchange | 1 Ox Guard | 2024-08-04 | 5.0 Medium |
| OX Guard 2.10.3 and earlier allows SSRF. | ||||
| CVE-2020-8902 | 1 Google | 1 Rendertron | 2024-08-04 | 3.5 Low |
| Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain. | ||||
| CVE-2020-8830 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-08-04 | 8.8 High |
| CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | ||||
| CVE-2020-8544 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-04 | 6.5 Medium |
| OX App Suite through 7.10.3 allows SSRF. | ||||
| CVE-2020-8540 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 9.8 Critical |
| An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-08-04 | 7.5 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | ||||
| CVE-2020-8205 | 1 Transloadit | 1 Uppy | 2024-08-04 | 7.5 High |
| The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems. | ||||
| CVE-2020-8226 | 1 Phpbb | 1 Phpbb | 2024-08-04 | 5.8 Medium |
| A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. | ||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 6.5 Medium |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | ||||
| CVE-2020-8135 | 1 Uppy | 1 Uppy | 2024-08-04 | 9.8 Critical |
| The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | ||||
| CVE-2020-8134 | 1 Ghost | 1 Ghost | 2024-08-04 | 8.1 High |
| Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | ||||
| CVE-2020-8128 | 1 Jsreport | 1 Jsreport | 2024-08-04 | 9.8 Critical |
| An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | ||||