Total
1129 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-38208 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.1 Medium |
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | ||||
CVE-2022-38201 | 1 Esri | 1 Arcgis Quickcapture | 2024-11-21 | 6.1 Medium |
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an attacker-controlled domain. | ||||
CVE-2022-38197 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 6.1 Medium |
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | ||||
CVE-2022-38131 | 1 Rstudio | 1 Connect | 2024-11-21 | 6.1 Medium |
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. | ||||
CVE-2022-37927 | 1 Hpe | 1 Oneview Global Dashboard | 2024-11-21 | 6.1 Medium |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | ||||
CVE-2022-36316 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | ||||
CVE-2022-36087 | 3 Fedoraproject, Oauthlib Project, Redhat | 3 Fedora, Oauthlib, Enterprise Linux | 2024-11-21 | 5.7 Medium |
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing a malicious redirect URI can cause denial of service. An attacker can also leverage usage of the `uri_validate` functions, depending on where they are used. OAuthLib applications that use OAuth2.0 provider support or call `uri_validate` directly are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds. | ||||
CVE-2022-36029 | | | 2024-11-21 | 9.1 Critical |
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue. | ||||
CVE-2022-36028 | | | 2024-11-21 | 9.1 Critical |
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue. | ||||
CVE-2022-35953 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | 7.1 High |
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5. | ||||
CVE-2022-35652 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 6.1 Medium |
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted website but, when clicked, redirects the victim to an arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | ||||
CVE-2022-35406 | 1 Portswigger | 1 Burp Suite | 2024-11-21 | 4.3 Medium |
A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect. | ||||
CVE-2022-34474 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
Even when an iframe was sandboxed with `allow-top-navigation-by-user-activation`, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | ||||
CVE-2022-33987 | 2 Got Project, Redhat | 4 Got, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.3 Medium |
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | ||||
CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2024-11-21 | 5.3 Medium |
Intent redirection vulnerability using implicit intent in Camera prior to versions 12.0.01.64, 12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows an attacker to get sensitive information. | ||||
CVE-2022-33146 | 1 Web2py | 1 Web2py | 2024-11-21 | 6.1 Medium |
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | ||||
CVE-2022-32444 | 1 Yuba | 1 U5cms | 2024-11-21 | 6.1 Medium |
An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | ||||
CVE-2022-31735 | 1 Osstech | 1 Openam | 2024-11-21 | 6.1 Medium |
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website. | ||||
CVE-2022-31657 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 9.8 Critical |
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. | ||||
CVE-2022-31193 | 1 Duraspace | 1 Dspace | 2024-11-21 | 7.1 High |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. |