Total
966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). | |||||
| CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | |||||
| CVE-2019-4166 | 1 Ibm | 1 Storediq | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. | |||||
| CVE-2019-5946 | 1 Cybozu | 1 Garoon | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen. | |||||
| CVE-2019-3477 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | |||||
| CVE-2019-13422 | 1 Search-guard | 1 Search Guard | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | |||||
| CVE-2019-15820 | 1 Login Or Logout Menu Item Project | 1 Login Or Logout Menu Item | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. | |||||
| CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | |||||
| CVE-2019-14912 | 1 Prise | 1 Adas | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | |||||
| CVE-2019-10255 | 1 Jupyter | 2 Jupyterhub, Notebook | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. | |||||
| CVE-2019-15773 | 1 Travel Management Project | 1 Travel Management | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | |||||
| CVE-2019-1943 | 1 Cisco | 114 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 111 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
| CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | |||||
| CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | |||||
| CVE-2018-12621 | 1 Eventum Project | 1 Eventum | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter. | |||||
| CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | |||||
| CVE-2019-4201 | 1 Ibm | 1 Jazz For Service Management | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. | |||||
| CVE-2019-6009 | 1 Ss-proj | 1 Shirasagi | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2019-4153 | 1 Ibm | 1 Security Access Manager | 2024-02-04 | 3.5 LOW | 6.8 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. | |||||