Total
643 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3552 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. | |||||
| CVE-2021-3204 | 1 Webware | 1 Webdesktop | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. | |||||
| CVE-2021-39935 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API | |||||
| CVE-2021-39894 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | |||||
| CVE-2021-39867 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. | |||||
| CVE-2021-39339 | 1 Telefication | 1 Telefication | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0. | |||||
| CVE-2021-39051 | 1 Ibm | 1 Spectrum Copy Data Management | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441. | |||||
| CVE-2021-37940 | 1 Elastic | 1 Enterprise Search | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | |||||
| CVE-2021-37223 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. | |||||
| CVE-2021-36761 | 1 Qlik | 1 Qlik Sense | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. | |||||
| CVE-2021-36349 | 1 Dell | 1 Emc Data Protection Central | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. | |||||
| CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | |||||
| CVE-2021-36203 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2024-11-21 | 6.4 MEDIUM | 5.3 MEDIUM |
| The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | |||||
| CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | |||||
| CVE-2021-34811 | 1 Synology | 1 Download Station | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2021-34808 | 1 Synology | 1 Media Server | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | |||||
| CVE-2021-34425 | 5 Apple, Google, Linux and 2 more | 6 Iphone Os, Macos, Android and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
| The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. | |||||
| CVE-2021-33510 | 1 Plone | 1 Plone | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. | |||||
| CVE-2021-33213 | 1 Element-it | 1 Http Commander | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address. | |||||
| CVE-2021-33181 | 1 Synology | 1 Video Station | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. | |||||