| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. |
| In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server. |
| An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. |
| A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. |
| yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. |
| The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). |
| SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. |
| A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020. |
| A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption. |
| Gophish before 0.11.0 allows SSRF attacks. |
| OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. |
| A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
| A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
| A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
| In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface. |
| A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. |
| FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. |
| Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. |
