Total
1171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 4.7 Medium |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | ||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-11-21 | 6.1 Medium |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | ||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-11-21 | 5.4 Medium |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | ||||
| CVE-2023-22641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.1 Medium |
| A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests. | ||||
| CVE-2023-22265 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22259 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-20886 | 1 Vmware | 1 Workspace One Uem | 2024-11-21 | 8.8 High |
| VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. | ||||
| CVE-2023-20264 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | 6.1 Medium |
| A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network. | ||||
| CVE-2023-1279 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.6 Low |
| An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. | ||||
| CVE-2022-4964 | 1 Canonical | 1 Ubuntu Pipewire-pulse | 2024-11-21 | 5.5 Medium |
| Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | ||||
| CVE-2022-4589 | 1 Django Terms And Conditions Project | 1 Django Terms And Conditions | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175. | ||||
| CVE-2022-45582 | 1 Openstack | 1 Horizon | 2024-11-21 | 6.1 Medium |
| Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | ||||
| CVE-2022-45169 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | 5.9 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link. | ||||
| CVE-2022-44215 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | 6.1 Medium |
| There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. | ||||
| CVE-2022-43950 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 3.9 Low |
| A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. | ||||
| CVE-2022-40754 | 1 Apache | 1 Airflow | 2024-11-21 | 6.1 Medium |
| In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | ||||
| CVE-2022-40083 | 1 Labstack | 1 Echo | 2024-11-21 | 9.6 Critical |
| Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | ||||
| CVE-2022-3438 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | ||||
| CVE-2022-39814 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.1 Medium |
| In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. | ||||
| CVE-2022-38779 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | ||||