Total: 1049 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4720 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 6.1 Medium |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | ||||
CVE-2022-4644 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 6.1 Medium |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. | ||||
CVE-2022-4589 | 1 Django Terms And Conditions Project | 1 Django Terms And Conditions | 2024-08-03 | 5.5 Medium |
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175. | ||||
CVE-2022-4317 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2024-08-03 | 5 Medium |
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. | ||||
CVE-2022-3797 | 1 Eolink | 1 Apinto-dashboard | 2024-08-03 | 6.3 Medium |
A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212633 was assigned to this vulnerability. | ||||
CVE-2022-3614 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 6.1 Medium |
In affected versions of Octopus Deploy, users of certain browsers using AD to sign in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect URL without any validation. | ||||
CVE-2022-3486 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.7 Medium |
An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | ||||
CVE-2022-3438 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 6.1 Medium |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | ||||
CVE-2022-3381 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites. | ||||
CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | ||||
CVE-2022-3145 | 1 Okta | 1 Oidc Middleware | 2024-08-03 | 4.7 Medium |
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | ||||
CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2024-08-03 | 6.1 Medium |
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | ||||
CVE-2022-2237 | 1 Redhat | 3 Keycloak Node.js Adapter, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 6.1 Medium |
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. | ||||
CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.7 Medium |
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | ||||
CVE-2022-2252 | 1 Microweber | 1 Microweber | 2024-08-03 | 6.1 Medium |
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | ||||
CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2024-08-03 | 6.1 Medium |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | ||||
CVE-2022-1702 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-08-03 | 6.1 Medium |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability. | ||||
CVE-2022-1233 | 1 Uri.js Project | 1 Uri.js | 2024-08-02 | 6.1 Medium |
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. | ||||
CVE-2022-1254 | 1 Mcafee | 1 Web Gateway | 2024-08-02 | 6.1 Medium |
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates an HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. | ||||
CVE-2022-1230 | 1 Samsung | 2 Galaxy S21, Galaxy S21 Firmware | 2024-08-02 | 3.9 Low |
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918. |