Total
1118 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-11589 | 1 Atlassian | 1 Jira Server | 2024-11-21 | N/A |
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, and in some cases to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. | ||||
CVE-2019-11585 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | ||||
CVE-2019-11269 | 2 Oracle, Pivotal Software | 2 Banking Corporate Lending, Spring Security Oauth | 2024-11-21 | 5.4 Medium |
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. | ||||
CVE-2019-11016 | 1 Elgg | 1 Elgg | 2024-11-21 | N/A |
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | ||||
CVE-2019-10955 | 1 Rockwellautomation | 11 Compactlogix 5370 L1, Compactlogix 5370 L1 Firmware, Compactlogix 5370 L2 and 8 more | 2024-11-21 | N/A |
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. | ||||
CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2024-11-21 | N/A |
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | ||||
CVE-2019-10751 | 1 Httpie | 1 Httpie | 2024-11-21 | N/A |
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control. | ||||
CVE-2019-10721 | 1 Dotnetblogengine | 1 Blogengine.net | 2024-11-21 | N/A |
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | ||||
CVE-2019-10372 | 1 Jenkins | 1 Gitlab Oauth | 2024-11-21 | 6.1 Medium |
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | ||||
CVE-2019-10255 | 1 Jupyter | 2 Jupyterhub, Notebook | 2024-11-21 | N/A |
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. | ||||
CVE-2019-10133 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. | ||||
CVE-2019-10117 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. | ||||
CVE-2019-10098 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Jboss Core Services and 1 more | 2024-11-21 | 6.1 Medium |
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | ||||
CVE-2019-1020016 | 1 Ash-aio Project | 1 Ash-aio | 2024-11-21 | N/A |
ASH-AIO before 2.0.0.3 allows an open redirect. | ||||
CVE-2019-1010290 | 1 Cmsmadesimple | 1 Bable\ | 2024-11-21 | N/A |
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing. | ||||
CVE-2019-0540 | 1 Microsoft | 5 Excel Viewer, Office, Office 365 Proplus and 2 more | 2024-11-21 | N/A |
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | ||||
CVE-2018-8937 | 1 Open-audit | 1 Open-audit | 2024-11-21 | N/A |
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. | ||||
CVE-2018-8913 | 1 Synology | 1 Web Station | 2024-11-21 | N/A |
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | ||||
CVE-2018-8813 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL. | ||||
CVE-2018-7804 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-11-21 | N/A |
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing. |