ReportizFlow
Filtered by vendor
Subscriptions
Total
718 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40579 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 6.5 Medium |
| https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote). | ||||
| CVE-2021-40355 | 1 Siemens | 1 Teamcenter Visualization | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly. | ||||
| CVE-2021-40352 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 Medium |
| OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. | ||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 7.5 High |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. | ||||
| CVE-2021-3992 | 1 Kimai2 Project | 1 Kimai2 | 2024-11-21 | 6.5 Medium |
| kimai2 is vulnerable to Improper Access Control | ||||
| CVE-2021-3965 | 1 Hp | 54 Designjet T1530 L2y23a, Designjet T1530 L2y23a Firmware, Designjet T1530 L2y24a and 51 more | 2024-11-21 | 7.5 High |
| Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews. | ||||
| CVE-2021-3964 | 1 Elgg | 1 Elgg | 2024-11-21 | 5.9 Medium |
| elgg is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3852 | 1 Weseek | 1 Growi | 2024-11-21 | 7.5 High |
| growi is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3813 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 6.5 Medium |
| Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | ||||
| CVE-2021-3380 | 1 Height8tech | 1 H8 Ssrms | 2024-11-21 | 6.5 Medium |
| Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. | ||||
| CVE-2021-39934 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | ||||
| CVE-2021-39916 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | ||||
| CVE-2021-39889 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch. | ||||
| CVE-2021-39226 | 3 Fedoraproject, Grafana, Redhat | 5 Fedora, Grafana, Enterprise Linux and 2 more | 2024-11-21 | 9.8 Critical |
| Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. | ||||
| CVE-2021-39225 | 1 Nextcloud | 1 Deck | 2024-11-21 | 8.1 High |
| Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading. | ||||
| CVE-2021-38624 | 1 Microsoft | 11 Windows 10, Windows 10 1809, Windows 10 1909 and 8 more | 2024-11-21 | 6.5 Medium |
| Windows Key Storage Provider Security Feature Bypass Vulnerability | ||||
| CVE-2021-38362 | 1 Rsa | 1 Archer | 2024-11-21 | 6.5 Medium |
| In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | ||||
| CVE-2021-37777 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.5 High |
| Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. | ||||
| CVE-2021-37709 | 1 Shopware | 1 Shopware | 2024-11-21 | 6.5 Medium |
| Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||
| CVE-2021-37631 | 1 Nextcloud | 1 Deck | 2024-11-21 | 6.5 Medium |
| Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin. | ||||