Total
1285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29864 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 6.1 Medium |
| IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089 | ||||
| CVE-2021-29652 | 1 Pomerium | 1 Pomerium | 2024-11-21 | 6.1 Medium |
| Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process | ||||
| CVE-2021-29651 | 1 Pomerium | 1 Pomerium | 2024-11-21 | 6.1 Medium |
| Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). | ||||
| CVE-2021-29622 | 2 Prometheus, Redhat | 2 Prometheus, Openshift | 2024-11-21 | 6.5 Medium |
| Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus. | ||||
| CVE-2021-29456 | 1 Authelia | 1 Authelia | 2024-11-21 | 5.7 Medium |
| Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any domain, including potentially malicious sites. This security issue does not directly impact the security of the web application itself. As a workaround, one can use a reverse proxy to strip the query parameter from the affected endpoint. There is a patch for version 4.28.0. | ||||
| CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2024-11-21 | 6.1 Medium |
| A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | ||||
| CVE-2021-29137 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.1 Medium |
| A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-28861 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Python, Enterprise Linux and 1 more | 2024-11-21 | 7.4 High |
| Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | ||||
| CVE-2021-28125 | 1 Apache | 1 Superset | 2024-11-21 | 6.1 Medium |
| Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link. | ||||
| CVE-2021-27612 | 1 Sap | 1 Gui For Windows | 2024-11-21 | 6.1 Medium |
| In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. | ||||
| CVE-2021-27515 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 5.3 Medium |
| url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
| CVE-2021-27404 | 1 Asus | 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware | 2024-11-21 | 6.1 Medium |
| Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | ||||
| CVE-2021-27352 | 1 Ilch | 1 Ilch Cms | 2024-11-21 | 5.4 Medium |
| An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login. | ||||
| CVE-2021-25757 | 1 Jetbrains | 1 Hub | 2024-11-21 | 6.1 Medium |
| In JetBrains Hub before 2020.1.12629, an open redirect was possible. | ||||
| CVE-2021-25737 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 2.7 Low |
| A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | ||||
| CVE-2021-25655 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 4.4 Medium |
| A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | ||||
| CVE-2021-25640 | 1 Apache | 1 Dubbo | 2024-11-21 | 6.1 Medium |
| In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | ||||
| CVE-2021-25111 | 1 English Wordpress Admin Project | 1 English Wordpress Admin | 2024-11-21 | 6.1 Medium |
| The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue | ||||
| CVE-2021-25074 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2024-11-21 | 6.1 Medium |
| The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue | ||||
| CVE-2021-25033 | 1 Noptin | 1 Noptin | 2024-11-21 | 6.1 Medium |
| The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue | ||||