Total
1836 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29847 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 7.5 High |
| In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | ||||
| CVE-2022-29612 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-11-21 | 4.3 Medium |
| SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | ||||
| CVE-2022-29556 | 1 Northern.tech | 1 Mender | 2024-11-21 | 9.8 Critical |
| The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | ||||
| CVE-2022-29153 | 2 Fedoraproject, Hashicorp | 2 Fedora, Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5. | ||||
| CVE-2022-28997 | 1 Cszcms | 1 Cszcms | 2024-11-21 | 7.5 High |
| CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | ||||
| CVE-2022-28616 | 1 Hp | 1 Oneview | 2024-11-21 | 9.8 Critical |
| A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-28217 | 1 Sap | 1 Netweaver | 2024-11-21 | 6.5 Medium |
| Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by causing system to crash. | ||||
| CVE-2022-28117 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 4.9 Medium |
| A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | ||||
| CVE-2022-28090 | 1 Ujcms | 1 Jspxcms | 2024-11-21 | 6.5 Medium |
| Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | ||||
| CVE-2022-27907 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 4.3 Medium |
| Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | ||||
| CVE-2022-27780 | 3 Haxx, Netapp, Splunk | 15 Curl, Clustered Data Ontap, H300s and 12 more | 2024-11-21 | 7.5 High |
| The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. | ||||
| CVE-2022-27469 | 1 Monstaftp | 1 Monsta Ftp | 2024-11-21 | 9.8 Critical |
| Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | ||||
| CVE-2022-27429 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.8 Critical |
| Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | ||||
| CVE-2022-27426 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 8.8 High |
| A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. | ||||
| CVE-2022-27311 | 1 Gibbon Project | 1 Gibbon | 2024-11-21 | 9.8 Critical |
| Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. | ||||
| CVE-2022-27245 | 1 Misp | 1 Misp | 2024-11-21 | 8.8 High |
| An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | ||||
| CVE-2022-26499 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2024-11-21 | 9.1 Critical |
| An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | ||||
| CVE-2022-26135 | 1 Atlassian | 4 Jira Data Center, Jira Server, Jira Service Desk and 1 more | 2024-11-21 | 6.5 Medium |
| A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. | ||||
| CVE-2022-25876 | 1 Link-preview-js Project | 1 Link-preview-js | 2024-11-21 | 6.2 Medium |
| The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. | ||||
| CVE-2022-25850 | 1 Proxyscotch Project | 1 Proxyscotch | 2024-11-21 | 7.5 High |
| The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. | ||||