Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-28 | CVE-2017-15886 | Server-Side Request Forgery (SSRF) vulnerability in Synology Chat Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | 6.5 |
| 2017-12-15 | CVE-2017-17697 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 8.6 |
| 2017-12-12 | CVE-2017-16678 | Server-Side Request Forgery (SSRF) vulnerability in SAP products Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | 4.7 |
| 2017-12-11 | CVE-2017-15943 | Server-Side Request Forgery (SSRF) vulnerability in Paloaltonetworks Pan-Os The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | 5.3 |
| 2017-12-09 | CVE-2017-11291 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Connect An issue was discovered in Adobe Connect 9.6.2 and earlier versions. | 10.0 |
| 2017-11-27 | CVE-2017-14585 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. | 7.2 |
| 2017-11-17 | CVE-2017-4928 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 5.5/6.0 The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. | 7.5 |
| 2017-11-17 | CVE-2017-16870 | Server-Side Request Forgery (SSRF) vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. | 8.1 |
| 2017-11-17 | CVE-2017-1000237 | Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | 9.8 |
| 2017-11-13 | CVE-2017-0907 | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client .Net The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | 9.8 |