ReportizFlow
Filtered by vendor
Subscriptions
Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8205 | 1 Transloadit | 1 Uppy | 2024-11-21 | 7.5 High |
| The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems. | ||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | ||||
| CVE-2020-8135 | 1 Uppy | 1 Uppy | 2024-11-21 | 9.8 Critical |
| The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | ||||
| CVE-2020-8134 | 1 Ghost | 1 Ghost | 2024-11-21 | 8.1 High |
| Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | ||||
| CVE-2020-8128 | 1 Jsreport | 1 Jsreport | 2024-11-21 | 9.8 Critical |
| An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | ||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-11-21 | 5.0 Medium |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | ||||
| CVE-2020-7796 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 9.8 Critical |
| Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | ||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2024-11-21 | 8.2 High |
| This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack. | ||||
| CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2024-11-21 | 8.2 High |
| This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. | ||||
| CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 7.2 High |
| Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. | ||||
| CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 7.2 High |
| External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. | ||||
| CVE-2020-7126 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 5.8 Medium |
| A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-6308 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.3 Medium |
| SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. | ||||
| CVE-2020-6282 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.8 Medium |
| SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. | ||||
| CVE-2020-6275 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 9.8 Critical |
| SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. | ||||
| CVE-2020-5784 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 6.5 Medium |
| Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. | ||||
| CVE-2020-5775 | 1 Instructure | 1 Canvas Learning Management Service | 2024-11-21 | 5.8 Medium |
| Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. | ||||
| CVE-2020-5562 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.9 Medium |
| Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. | ||||
| CVE-2020-5014 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 6.7 Medium |
| IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247. | ||||
| CVE-2020-4974 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2024-11-21 | 6.3 Medium |
| IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434. | ||||