Total: 1491 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-8902 | 1 Google | 1 Rendertron | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.
CVE-2020-8830 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.
CVE-2020-8555 | 2 Fedoraproject, Kubernetes | 2 Fedora, Kubernetes | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM | The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 is vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
CVE-2020-8544 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | OX App Suite through 7.10.3 allows SSRF.
CVE-2020-8540 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost, which could expose the product's admin interface to users who would not normally have access.
CVE-2020-8226 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM | A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed the remote image dimensions check to be used for SSRF.
CVE-2020-8205 | 1 Transloadit | 1 Uppy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to scan local or external networks or otherwise interact with internal systems.
CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
CVE-2020-8135 | 1 Uppy | 1 Uppy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The uppy npm package < 1.9.3 is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to scan local or external networks or otherwise interact with internal systems.
CVE-2020-8134 | 1 Ghost | 1 Ghost | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external networks or otherwise interact with internal systems.
CVE-2020-8128 | 1 Jsreport | 1 Jsreport | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application.
CVE-2020-7796 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when the WebEx zimlet is installed and zimlet JSP is enabled.
CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH | This affects all versions of package node-pdf-generator. Because the content given to node-pdf-generator is not validated or sanitized, an attacker can craft a URL that will be passed to an external server, allowing an SSRF attack.
CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH | This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a URL that will be passed to a PhantomJS instance, allowing for an SSRF attack.
CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
CVE-2020-7126 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM | A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software versions prior to 1.3.2.
CVE-2020-6308 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | SAP BusinessObjects Business Intelligence Platform (Web Services) versions 410, 420, and 430 allow an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, an attacker can scan the internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass the firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.