Total
833 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12643 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | |||||
| CVE-2020-11659 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | |||||
| CVE-2020-11658 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | |||||
| CVE-2020-11589 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only. | |||||
| CVE-2020-11585 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. | |||||
| CVE-2020-11009 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6 | |||||
| CVE-2020-10779 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms. | |||||
| CVE-2020-10130 | 1 Searchblox | 1 Searchblox | 2024-11-21 | N/A | 8.8 HIGH |
| SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | |||||
| CVE-2019-9938 | 1 Ushareit | 1 Shareit | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." | |||||
| CVE-2019-9921 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | |||||
| CVE-2019-9756 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732. | |||||
| CVE-2019-9219 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). | |||||
| CVE-2019-9170 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. | |||||
| CVE-2019-8235 | 1 Magento | 1 Magento | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input. | |||||
| CVE-2019-7950 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information. | |||||
| CVE-2019-7925 | 1 Magento | 1 Magento | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder. | |||||
| CVE-2019-7890 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | |||||
| CVE-2019-7872 | 1 Magento | 1 Magento | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details. | |||||
| CVE-2019-7864 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | |||||
| CVE-2019-7854 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. | |||||