Total: 1118 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-7797 | 1 Schneider-electric | 3 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Ecostruxure Power Scada Operation | 2024-11-21 | N/A |
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site. | ||||
CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2024-11-21 | N/A |
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1. | ||||
CVE-2018-7674 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | ||||
CVE-2018-7473 | 1 Soconnect | 2 Sowifi Hotspot, Sowifi Hotspot Firmware | 2024-11-21 | 6.1 Medium |
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. | ||||
CVE-2018-7091 | 1 Hp | 1 Xp 9000 Command View | 2024-11-21 | N/A |
HPE XP P9000 Command View Advanced Edition Software (CVAE) has an open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | ||||
CVE-2018-6520 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | N/A |
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | ||||
CVE-2018-6324 | 1 F-secure | 1 Radar | 2024-11-21 | N/A |
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. | ||||
CVE-2018-6200 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | N/A |
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | ||||
CVE-2018-5548 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts. | ||||
CVE-2018-5304 | 1 Impinj | 2 R420 Rfid Reader, R420 Rfid Reader Firmware | 2024-11-21 | N/A |
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions. | ||||
CVE-2018-3819 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A |
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | ||||
CVE-2018-3774 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 9.8 Critical |
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | ||||
CVE-2018-3743 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 6.1 Medium |
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. | ||||
CVE-2018-2476 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. | ||||
CVE-2018-25091 | 2 Python, Redhat | 2 Urllib3, Enterprise Linux | 2024-11-21 | 6.1 Medium |
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | ||||
CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | ||||
CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | ||||
CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | ||||
CVE-2018-1939 | 1 Ibm | 1 Cloud Private | 2024-11-21 | N/A |
IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319. | ||||
CVE-2018-1875 | 1 Ibm | 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2024-11-21 | N/A |
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. |