ReportizFlow
Filtered by vendor
Subscriptions
Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39152 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-11-21 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-39150 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-11-21 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-39057 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 8.1 High |
| IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | ||||
| CVE-2021-39051 | 1 Ibm | 1 Spectrum Copy Data Management | 2024-11-21 | 6.5 Medium |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441. | ||||
| CVE-2021-37940 | 1 Elastic | 1 Enterprise Search | 2024-11-21 | 6.8 Medium |
| An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | ||||
| CVE-2021-37711 | 1 Shopware | 1 Shopware | 2024-11-21 | 8.8 High |
| Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||
| CVE-2021-37498 | 1 Reprisesoftware | 1 Reprise License Manager | 2024-11-21 | 6.5 Medium |
| An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | ||||
| CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | ||||
| CVE-2021-37353 | 1 Nagios | 1 Nagios Xi Docker Wizard | 2024-11-21 | 9.8 Critical |
| Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | ||||
| CVE-2021-37223 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 Medium |
| Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. | ||||
| CVE-2021-37104 | 1 Huawei | 2 P40, P40 Firmware | 2024-11-21 | 7.5 High |
| There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do. | ||||
| CVE-2021-36761 | 1 Qlik | 1 Qlik Sense | 2024-11-21 | 5.3 Medium |
| The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. | ||||
| CVE-2021-36396 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 High |
| In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | ||||
| CVE-2021-36349 | 1 Dell | 1 Emc Data Protection Central | 2024-11-21 | 4.3 Medium |
| Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. | ||||
| CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2024-11-21 | 5.3 Medium |
| Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | ||||
| CVE-2021-36203 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2024-11-21 | 5.3 Medium |
| The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | ||||
| CVE-2021-36202 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 8.4 High |
| Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2. | ||||
| CVE-2021-36043 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 8 High |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled. | ||||
| CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 Medium |
| An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | ||||
| CVE-2021-35391 | 1 Deskpro | 1 Deskpro | 2024-11-21 | 7.2 High |
| Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. | ||||