Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15657 | 1 42gears | 1 Suremdm | 2019-02-21 | 1.9 LOW | 7.3 HIGH |
| An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | |||||
| CVE-2019-8982 | 1 Wavemaker | 1 Wavemarker Studio | 2019-02-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. | |||||
| CVE-2018-15517 | 1 D-link | 1 Central Wifimanager | 2019-02-21 | 5.0 MEDIUM | 8.6 HIGH |
| The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | |||||
| CVE-2018-20436 | 1 Telegram | 2 Telegram, Web | 2019-02-14 | 6.8 MEDIUM | 8.1 HIGH |
| ** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the "Secret chats > Preview links" setting. | |||||
| CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2019-02-05 | 7.5 HIGH | 10.0 CRITICAL |
| The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | |||||
| CVE-2019-5725 | 1 Qibosoft | 1 Qibosoft | 2019-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. | |||||
| CVE-2018-19047 | 1 Mpdf Project | 1 Mpdf | 2019-02-01 | 7.5 HIGH | 10.0 CRITICAL |
| ** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble." | |||||
| CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-01-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | |||||
| CVE-2018-1000422 | 1 Atlassian | 1 Crowd2 | 2019-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | |||||
| CVE-2018-1000421 | 1 Apache | 1 Mesos | 2019-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Jspxcms v9.0.0 allows SSRF. | |||||
| CVE-2018-18753 | 1 Typecho | 1 Typecho | 2019-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | |||||
| CVE-2018-20228 | 1 Subsonic | 1 Subsonic | 2019-01-24 | 6.0 MEDIUM | 8.0 HIGH |
| Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | |||||
| CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2018-12-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | |||||
| CVE-2018-19651 | 1 Interspire | 1 Email Marketer | 2018-12-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. | |||||
| CVE-2018-18867 | 1 Tecrail | 1 Responsive Filemanager | 2018-12-07 | 5.0 MEDIUM | 8.6 HIGH |
| An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | |||||
| CVE-2018-2463 | 1 Sap | 1 Hybris | 2018-11-29 | 5.0 MEDIUM | 8.6 HIGH |
| The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | |||||
| CVE-2018-16793 | 1 Microsoft | 1 Exchange Server | 2018-11-20 | 5.0 MEDIUM | 8.6 HIGH |
| Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | |||||
| CVE-2018-16794 | 1 Microsoft | 2 Active Directory Federation Services, Windows Server 2016 | 2018-11-20 | 5.0 MEDIUM | 8.6 HIGH |
| Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | |||||
| CVE-2018-15895 | 1 Icmsdev | 1 Icms | 2018-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | |||||