Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4598 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2020-08-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. | |||||
| CVE-2020-4653 | 1 Ibm | 1 Planning Analytics | 2020-08-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2019-0540 | 1 Microsoft | 5 Excel Viewer, Office, Office 365 Proplus and 2 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||||
| CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | |||||
| CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. | |||||
| CVE-2018-0924 | 1 Microsoft | 1 Exchange Server | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941. | |||||
| CVE-2016-1000108 | 2 Debian, Yaws | 2 Debian Linux, Yaws | 2020-08-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
| CVE-2017-11482 | 1 Elastic | 1 Kibana | 2020-08-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
| CVE-2019-14857 | 1 Mod Auth Openidc Project | 1 Mod Auth Openidc | 2020-07-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. | |||||
| CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2020-07-28 | 4.0 MEDIUM | 4.7 MEDIUM |
| A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
| CVE-2019-14223 | 1 Alfresco | 1 Alfresco | 2020-07-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.). | |||||
| CVE-2019-12783 | 1 Verint | 1 Impact 360 | 2020-07-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. | |||||
| CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2020-07-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2020-11882 | 1 Telefonica | 1 O2 Business | 2020-07-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. | |||||
| CVE-2020-4037 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2020-07-07 | 5.8 MEDIUM | 5.4 MEDIUM |
| In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0. | |||||
| CVE-2017-18891 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link. | |||||
| CVE-2017-18897 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. | |||||
| CVE-2019-19613 | 1 Halvotec | 1 Raquest | 2020-06-25 | 4.3 MEDIUM | 5.2 MEDIUM |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0 | |||||
| CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | |||||