Total
1532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15728 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. | |||||
| CVE-2019-15494 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | |||||
| CVE-2019-15164 | 1 Tcpdump | 1 Libpcap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. | |||||
| CVE-2019-15033 | 1 Pydio | 1 Pydio | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. | |||||
| CVE-2019-15021 | 1 Zingbox | 1 Inspector | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. | |||||
| CVE-2019-14704 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. | |||||
| CVE-2019-14476 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. | |||||
| CVE-2019-14255 | 1 Go-camo Project | 1 Go-camo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. | |||||
| CVE-2019-14225 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| OX App Suite 7.10.1 and 7.10.2 allows SSRF. | |||||
| CVE-2019-13335 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | |||||
| CVE-2019-13121 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. | |||||
| CVE-2019-13020 | 1 Trms | 1 Tightrope Media Carousel | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. | |||||
| CVE-2019-12996 | 1 Mendix | 1 Mendix | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. | |||||
| CVE-2019-12994 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | |||||
| CVE-2019-12959 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | |||||
| CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | |||||
| CVE-2019-12633 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions. | |||||
| CVE-2019-12632 | 1 Cisco | 1 Finesse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. | |||||
| CVE-2019-12443 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. | |||||
| CVE-2019-12161 | 1 Webpagetest | 1 Webpagetest | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). | |||||