Total
1343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28976 | 1 Canto | 1 Canto | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. | |||||
| CVE-2020-28977 | 1 Canto | 1 Canto | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF. | |||||
| CVE-2020-28978 | 1 Canto | 1 Canto | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF. | |||||
| CVE-2021-22056 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2022-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. | |||||
| CVE-2019-15021 | 1 Zingbox | 1 Inspector | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. | |||||
| CVE-2019-20474 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-01-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. | |||||
| CVE-2019-18846 | 1 Open-xchange | 1 Open-xchange Appsuite | 2022-01-01 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX App Suite through 7.10.2 allows SSRF. | |||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2021-12-22 | 4.0 MEDIUM | 5.0 MEDIUM |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | |||||
| CVE-2021-22054 | 1 Vmware | 1 Workspace One Uem Console | 2021-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | |||||
| CVE-2021-3959 | 1 Bitdefender | 1 Gravityzone | 2021-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 | |||||
| CVE-2021-39303 | 1 Jamf | 1 Jamf | 2021-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability. | |||||
| CVE-2021-39057 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-12-15 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | |||||
| CVE-2021-23718 | 1 Ssrf-agent Project | 1 Ssrf-agent | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. | |||||
| CVE-2021-39935 | 1 Gitlab | 1 Gitlab | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API | |||||
| CVE-2019-3395 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | |||||
| CVE-2021-37940 | 1 Elastic | 1 Enterprise Search | 2021-12-09 | 4.0 MEDIUM | 6.8 MEDIUM |
| An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | |||||
| CVE-2021-4075 | 1 Snipeitapp | 1 Snipe-it | 2021-12-07 | 6.5 MEDIUM | 7.2 HIGH |
| snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-40091 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. | |||||
| CVE-2021-29863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-12-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. | |||||
| CVE-2021-40809 | 1 Jamf | 1 Jamf | 2021-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. | |||||