Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-34808 | 1 Synology | 1 Media Server | 2024-09-17 | 5.8 Medium |
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | ||||
CVE-2021-29749 | 1 Ibm | 2 Secure External Authentication Server, Sterling Secure Proxy | 2024-09-17 | 5.4 Medium |
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777. | ||||
CVE-2021-33181 | 1 Synology | 1 Video Station | 2024-09-17 | 6.6 Medium |
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. | ||||
CVE-2021-36349 | 1 Dell | 1 Emc Data Protection Central | 2024-09-17 | 4.3 Medium |
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. | ||||
CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2024-09-17 | 7.2 High |
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. | ||||
CVE-2017-1000419 | 1 Phpbb | 1 Phpbb | 2024-09-17 | N/A |
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content, and potentially attack such internal services via the web application. | ||||
CVE-2018-18753 | 1 Typecho | 1 Typecho | 2024-09-17 | N/A |
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | ||||
CVE-2017-1000237 | 1 I-librarian | 1 I Librarian | 2024-09-17 | N/A |
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | ||||
CVE-2020-17386 | 1 Cellopoint | 1 Cellos | 2024-09-17 | 6.5 Medium |
Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system. | ||||
CVE-2017-11148 | 1 Synology | 1 Chat | 2024-09-17 | N/A |
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||
CVE-2019-4203 | 1 Ibm | 1 Api Connect | 2024-09-17 | 9.8 Critical |
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | ||||
CVE-2022-42343 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-09-17 | 6.5 Medium |
Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | ||||
CVE-2019-12632 | 1 Cisco | 1 Finesse | 2024-09-17 | 7.5 High |
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. | ||||
CVE-2018-20528 | 1 Jeecms | 1 Jeecms | 2024-09-17 | N/A |
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. | ||||
CVE-2022-27622 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 4.1 Medium |
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||
CVE-2022-23080 | 1 Rangerstudio | 1 Directus | 2024-09-17 | 5.0 Medium |
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low-privileged user to perform internal network port scans. | ||||
CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2024-09-17 | 7.2 High |
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. | ||||
CVE-2022-23071 | 1 Tandoor | 1 Recipes | 2024-09-17 | 6.5 Medium |
In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information. | ||||
CVE-2017-12071 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A |
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | ||||
CVE-2021-36203 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2024-09-17 | 5.3 Medium |
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. |