Total
1118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26836 | 1 Sap | 1 Solution Manager | 2024-11-21 | 6.1 Medium |
| SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack. | ||||
| CVE-2020-26275 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | 6.1 Medium |
| The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: "jupyter server --ServerApp.base_url=/jupyter/". | ||||
| CVE-2020-26232 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | 4.1 Medium |
| Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. | ||||
| CVE-2020-26219 | 1 Touchbase.ai Project | 1 Touchbase.ai | 2024-11-21 | 4.7 Medium |
| touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0. | ||||
| CVE-2020-26215 | 2 Debian, Jupyter | 2 Debian Linux, Notebook | 2024-11-21 | 4.4 Medium |
| Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. | ||||
| CVE-2020-26161 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 6.1 Medium |
| In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. | ||||
| CVE-2020-25901 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 6.1 Medium |
| Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | ||||
| CVE-2020-25846 | 1 Panorama Project | 1 Nhiservisignadapter | 2024-11-21 | 7.5 High |
| The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. | ||||
| CVE-2020-25845 | 1 Panorama Project | 1 Nhiservisignadapter | 2024-11-21 | 7.5 High |
| Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. | ||||
| CVE-2020-25154 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 5.4 Medium |
| An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. | ||||
| CVE-2020-24598 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. | ||||
| CVE-2020-24554 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 7.5 High |
| The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist. | ||||
| CVE-2020-24551 | 1 Iproom | 1 Mmc\+ | 2024-11-21 | 6.1 Medium |
| IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials. | ||||
| CVE-2020-24550 | 1 Episerver | 1 Find | 2024-11-21 | 6.1 Medium |
| An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. | ||||
| CVE-2020-23182 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. | ||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | ||||
| CVE-2020-22840 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | ||||
| CVE-2020-21998 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 6.1 Medium |
| In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. | ||||
| CVE-2020-1997 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.3 Medium |
| An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | ||||
| CVE-2020-1927 | 9 Apache, Broadcom, Canonical and 6 more | 17 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 14 more | 2024-11-21 | 6.1 Medium |
| In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | ||||