Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21788 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 4.3 Medium |
| In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. | ||||
| CVE-2020-21653 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.1 Critical |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. | ||||
| CVE-2020-21649 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.1 High |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | ||||
| CVE-2020-21122 | 1 Ureport Project | 1 Ureport | 2024-11-21 | 5.3 Medium |
| UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | ||||
| CVE-2020-20582 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 7.5 High |
| A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. | ||||
| CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 7.5 High |
| YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | ||||
| CVE-2020-1925 | 2 Apache, Redhat | 2 Olingo, Jboss Fuse | 2024-11-21 | 7.5 High |
| Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker. | ||||
| CVE-2020-19613 | 1 Flycms Project | 1 Flycms | 2024-11-21 | 7.5 High |
| Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | ||||
| CVE-2020-17386 | 1 Cellopoint | 1 Cellos | 2024-11-21 | 6.5 Medium |
| Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system. | ||||
| CVE-2020-16248 | 1 Prometheus | 1 Blackbox Exporter | 2024-11-21 | 5.8 Medium |
| Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability | ||||
| CVE-2020-16171 | 1 Acronis | 1 Cyber Backup | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. | ||||
| CVE-2020-15879 | 1 Bitwarden | 1 Server | 2024-11-21 | 7.5 High |
| Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | ||||
| CVE-2020-15823 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | ||||
| CVE-2020-15822 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.3 High |
| In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | ||||
| CVE-2020-15819 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | ||||
| CVE-2020-15809 | 1 Spinetix | 11 Diva, Diva Firmware, Dsos and 8 more | 2024-11-21 | 6.5 Medium |
| spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd. | ||||
| CVE-2020-15772 | 1 Gradle | 1 Enterprise | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery. | ||||
| CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2024-11-21 | 9.8 Critical |
| Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | ||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2024-11-21 | 7.1 High |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | ||||
| CVE-2020-15152 | 1 Ftp-srv Project | 1 Ftp-srv | 2024-11-21 | 9.1 Critical |
| ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory. | ||||