Total
1137 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10955 | 1 Rockwellautomation | 11 Compactlogix 5370 L1, Compactlogix 5370 L1 Firmware, Compactlogix 5370 L2 and 8 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. | |||||
CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | |||||
CVE-2019-10751 | 1 Httpie | 1 Httpie | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control. | |||||
CVE-2019-10721 | 1 Dotnetblogengine | 1 Blogengine.net | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | |||||
CVE-2019-10372 | 1 Jenkins | 1 Gitlab Oauth | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | |||||
CVE-2019-10255 | 1 Jupyter | 2 Jupyterhub, Notebook | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. | |||||
CVE-2019-10133 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.8 MEDIUM | 3.1 LOW |
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. | |||||
CVE-2019-10117 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. | |||||
CVE-2019-10098 | 1 Apache | 1 Http Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | |||||
CVE-2019-1020016 | 1 Ash-aio Project | 1 Ash-aio | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
ASH-AIO before 2.0.0.3 allows an open redirect. | |||||
CVE-2019-1010290 | 1 Cmsmadesimple | 1 Bable\ | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing. | |||||
CVE-2019-0540 | 1 Microsoft | 5 Excel Viewer, Office, Office 365 Proplus and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||||
CVE-2018-8937 | 1 Open-audit | 1 Open-audit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. | |||||
CVE-2018-8913 | 1 Synology | 1 Web Station | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | |||||
CVE-2018-8813 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 4.9 MEDIUM | 4.8 MEDIUM |
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL. | |||||
CVE-2018-7804 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing. | |||||
CVE-2018-7797 | 1 Schneider-electric | 3 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Ecostruxure Power Scada Operation | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site. | |||||
CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1. | |||||
CVE-2018-7674 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.8 MEDIUM | 2.1 LOW |
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | |||||
CVE-2018-7473 | 1 Soconnect | 2 Sowifi Hotspot, Sowifi Hotspot Firmware | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. |