CWE:
 

Exploits

Risk  Date        Author                     Title
Med.  17.07.2021  Martin Heiland             OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
Med.  17.09.2020  Julien Ahrens              Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
Low   16.06.2020  Martin Heiland             OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
High  14.07.2018  Alt3kx                     Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection
Low   20.10.2016  Nicolas CHATELAIN          SPIP 3.1.2 Server Side Request Forgery
Low   10.09.2016  Ashiyane Digital Secur...  Google Docs XSPA / SSRF
Low   04.06.2014  Christian                  Infoware MapSuite Server-Side Request Forgery


Common Weakness Enumeration (CWE)

CVE entries

Date        Risk    CVE             Vendor / Software
    Description

2022-01-18  Low     CVE-2021-39927  Gitlab / Gitlab
    Server-side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between 14.5.0 and 14.5.x, and between 14.6.0 and 14.6.x would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443.

            Medium  CVE-2021-45394  Html2pdf project / Html2pdf
    An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.

2022-01-10  Medium  CVE-2022-0132   Framasoft / Peertube
    PeerTube is vulnerable to Server-Side Request Forgery (SSRF).

2022-01-06  Medium  CVE-2021-27738  Apache / Kylin
    All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes and creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in the HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin 3 versions prior to 3.1.2.

2022-01-04  Medium  CVE-2022-0086   Transloadit / UPPY
    Uppy is vulnerable to Server-Side Request Forgery (SSRF).

2021-12-22  Medium  CVE-2021-44659  Thoughtworks / GOCD
    Adding a new pipeline in GoCD server version 21.3.0 has functionality that could be abused to perform an unintended action in order to achieve a Server-Side Request Forgery (SSRF).

2021-12-17  Medium  CVE-2021-22054  Vmware / Workspace on...
    VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

2021-12-16  Medium  CVE-2021-3959   Bitdefender / Gravityzone
    A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272.

2021-12-14  Low     CVE-2021-34425

2021-12-13  Medium  CVE-2021-39057
    IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

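The GitLab entry in the list above describes an SSRF filter whose decision depended on the port the application itself was bound to, so that localhost on port 80 or 443 slipped through when GitLab listened elsewhere. The following is an added example written for this page, not GitLab's code and not the patch that fixed CVE-2021-39927: a generic outbound-URL validator that decides on the resolved destination address and ignores the port entirely, placed next to a hypothetical weak check of the kind the entry describes. The host table, the resolver hook and every function name here are constructed for the demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Default ports per scheme, so "http://localhost" is treated as localhost:80.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Destinations an outbound server-side request must never reach, on any port:
# loopback, "this host", RFC 1918, CGNAT, link-local (cloud metadata lives
# there) and their IPv6 counterparts.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


class SSRFError(ValueError):
    """Raised when a user-supplied URL points somewhere the server must not fetch."""


def dns_resolve(host):
    """Resolve a hostname to the IP address strings it points to (real DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed host table so the example runs offline; it stands in for DNS.
CONSTRUCTED_HOSTS = {
    "localhost": ["127.0.0.1", "::1"],
    "metadata.internal": ["169.254.169.254"],
    "mapped.test": ["::ffff:10.0.0.5"],
    "example.org": ["93.184.216.34"],
}


def constructed_resolver(host):
    """Offline resolver over CONSTRUCTED_HOSTS (hypothetical, for the demo)."""
    if host not in CONSTRUCTED_HOSTS:
        raise socket.gaierror(f"unknown host {host!r}")
    return list(CONSTRUCTED_HOSTS[host])


def weak_self_check(url, app_host, app_port):
    """HYPOTHETICAL flawed guard, shown only to illustrate the class of bug: it
    blocks a request only when it targets the application's own host:port, so
    http://localhost (port 80) passes whenever the app listens on, say, 8080."""
    parts = urlsplit(url)
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    return not (parts.hostname == app_host and port == app_port)


def validate_outbound_url(url, resolver=dns_resolve, allowed_schemes=("http", "https")):
    """Validate a user-supplied URL before the server fetches it.

    Returns (hostname, port, pinned_ip) or raises SSRFError. The decision is
    made on the resolved address and never on the port, so localhost:80,
    localhost:443 and localhost:8080 are all rejected alike.
    """
    parts = urlsplit(url)
    if parts.scheme not in allowed_schemes:
        raise SSRFError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise SSRFError("URL has no host")
    if parts.username or parts.password:
        raise SSRFError("credentials embedded in URL")
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    except ValueError as exc:  # port outside 0-65535
        raise SSRFError(f"invalid port: {exc}") from None

    try:
        # IP literals are checked directly; names go through the resolver.
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError as exc:  # socket.gaierror is an OSError
            raise SSRFError(f"cannot resolve {host!r}: {exc}") from None
    if not addresses:
        raise SSRFError(f"{host!r} resolved to nothing")

    for raw in addresses:  # every address must pass, not just the first
        ip = ipaddress.ip_address(raw)
        # An IPv4-mapped IPv6 address (::ffff:10.0.0.5) is still an internal host.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if ip.is_multicast or ip.is_unspecified or any(ip in net for net in BLOCKED_NETWORKS):
            raise SSRFError(f"{host!r} resolves to blocked address {ip}")

    # Hand back the checked IP so the caller connects to it (sending `host` in
    # the Host header); re-resolving at connect time would reopen DNS rebinding.
    return host, port, addresses[0]


def is_safe(url, resolver=dns_resolve):
    """Boolean wrapper around validate_outbound_url for quick checks."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except SSRFError:
        return False
```

The point to carry over from the GitLab entry is the one in `weak_self_check`: any filter that derives "is this request internal?" from the application's own listening port, or from a host:port string match, has to be replaced by a check on the resolved address, with the address pinned for the actual connection.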

 


Copyright 2022, cxsecurity.com
