Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40091 | 1 Squaredup | 1 Squaredup | 2024-08-04 | 9.8 Critical |
| An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. | ||||
| CVE-2021-39927 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 3.5 Low |
| Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443 | ||||
| CVE-2021-39935 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 6.8 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API | ||||
| CVE-2021-39867 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 6.5 Medium |
| In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. | ||||
| CVE-2021-39894 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.4 Medium |
| In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | ||||
| CVE-2021-39497 | 1 Eyoucms | 1 Eyoucms | 2024-08-04 | 9.8 Critical |
| eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | ||||
| CVE-2021-39303 | 1 Jamf | 1 Jamf | 2024-08-04 | 9.8 Critical |
| The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability. | ||||
| CVE-2021-39195 | 1 Misskey | 1 Misskey | 2024-08-04 | 7.7 High |
| Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running. | ||||
| CVE-2021-39150 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-39152 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-37940 | 1 Elastic | 1 Enterprise Search | 2024-08-04 | 6.8 Medium |
| An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | ||||
| CVE-2021-37711 | 1 Shopware | 1 Shopware | 2024-08-04 | 8.8 High |
| Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||
| CVE-2021-37498 | 1 Reprisesoftware | 1 Reprise License Manager | 2024-08-04 | 6.5 Medium |
| An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | ||||
| CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-04 | 7.5 High |
| Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | ||||
| CVE-2021-37353 | 1 Nagios | 1 Nagios Xi Docker Wizard | 2024-08-04 | 9.8 Critical |
| Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | ||||
| CVE-2021-37223 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 6.5 Medium |
| Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. | ||||
| CVE-2021-37104 | 1 Huawei | 2 P40, P40 Firmware | 2024-08-04 | 7.5 High |
| There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do. | ||||
| CVE-2021-36761 | 1 Qlik | 1 Qlik Sense | 2024-08-04 | 5.3 Medium |
| The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. | ||||
| CVE-2021-36396 | 1 Moodle | 1 Moodle | 2024-08-04 | 7.5 High |
| In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | ||||
| CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-04 | 6.5 Medium |
| An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | ||||