Vulnerabilities (CVE)

Filtered by CWE-601
Total 1058 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35652 2 Fedoraproject, Moodle 2 Fedora, Moodle 2023-11-07 N/A 6.1 MEDIUM
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
CVE-2022-37940 1 Hpe 4 Flexfabric 5700 40xg 2qsfp+, Flexfabric 5700 40xg 2qsfp+ Firmware, Flexfabric 5700 48g 4xg 2qsfp+ and 1 more 2023-11-07 N/A 6.1 MEDIUM
Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.
CVE-2022-29718 1 Caddyserver 1 Caddy 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
CVE-2022-23078 1 Habitica 1 Habitica 2023-11-07 5.8 MEDIUM N/A
Habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.
CVE-2022-26326 1 Microfocus 1 Netiq Access Manager 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
CVE-2022-20794 1 Cisco 2 Roomos, Telepresence Collaboration Endpoint 2023-11-07 4.3 MEDIUM 4.7 MEDIUM
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-4348 1 Createit 1 Ultimate Gdpr & Ccpa Compliance Toolkit 2023-11-07 N/A 6.1 MEDIUM
The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites.
CVE-2021-39191 3 Debian, Fedoraproject, Openidc 3 Debian Linux, Fedora, Mod Auth Openidc 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
CVE-2021-39425 1 Seeddms 1 Seeddms 2023-11-07 N/A 6.1 MEDIUM
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
CVE-2021-38123 1 Microfocus 1 Network Automation 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirecting users to malicious websites after authentication.
CVE-2021-37746 3 Claws-mail, Fedoraproject, Sylpheed Project 3 Claws-mail, Fedora, Sylpheed 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
CVE-2021-36580 1 Icewarp 2 Icewarp Server, Mail Server 2023-11-07 N/A 6.1 MEDIUM
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
CVE-2021-34772 1 Cisco 1 Orbital 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites.
CVE-2021-34764 1 Cisco 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-32786 3 Apache, Fedoraproject, Openidc 3 Http Server, Fedora, Mod Auth Openidc 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.
CVE-2021-30888 1 Apple 6 Ipad Os, Ipados, Iphone Os and 3 more 2023-11-07 4.3 MEDIUM 7.4 HIGH
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior.
CVE-2021-28125 1 Apache 1 Superset 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
CVE-2021-25640 1 Apache 1 Dubbo 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
CVE-2021-22526 1 Microfocus 1 Access Manager 2023-11-07 5.8 MEDIUM 6.1 MEDIUM
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-21392 2 Fedoraproject, Matrix 2 Fedora, Synapse 2023-11-07 4.9 MEDIUM 6.3 MEDIUM
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.