Total
834 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40352 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 Medium |
| OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. | ||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 7.5 High |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. | ||||
| CVE-2021-3992 | 1 Kimai2 Project | 1 Kimai2 | 2024-11-21 | 6.5 Medium |
| kimai2 is vulnerable to Improper Access Control | ||||
| CVE-2021-3965 | 1 Hp | 54 Designjet T1530 L2y23a, Designjet T1530 L2y23a Firmware, Designjet T1530 L2y24a and 51 more | 2024-11-21 | 7.5 High |
| Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews. | ||||
| CVE-2021-3964 | 1 Elgg | 1 Elgg | 2024-11-21 | 5.9 Medium |
| elgg is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3852 | 1 Weseek | 1 Growi | 2024-11-21 | 7.5 High |
| growi is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3813 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 6.5 Medium |
| Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | ||||
| CVE-2021-3380 | 1 Height8tech | 1 H8 Ssrms | 2024-11-21 | 6.5 Medium |
| Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. | ||||
| CVE-2021-39934 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | ||||
| CVE-2021-39916 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | ||||
| CVE-2021-39889 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch. | ||||
| CVE-2021-39225 | 1 Nextcloud | 1 Deck | 2024-11-21 | 8.1 High |
| Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading. | ||||
| CVE-2021-38624 | 1 Microsoft | 11 Windows 10, Windows 10 1809, Windows 10 1909 and 8 more | 2024-11-21 | 6.5 Medium |
| Windows Key Storage Provider Security Feature Bypass Vulnerability | ||||
| CVE-2021-38362 | 1 Rsa | 1 Archer | 2024-11-21 | 6.5 Medium |
| In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | ||||
| CVE-2021-37777 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.5 High |
| Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. | ||||
| CVE-2021-37709 | 1 Shopware | 1 Shopware | 2024-11-21 | 6.5 Medium |
| Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||
| CVE-2021-37631 | 1 Nextcloud | 1 Deck | 2024-11-21 | 6.5 Medium |
| Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin. | ||||
| CVE-2021-37630 | 1 Nextcloud | 1 Circles | 2024-11-21 | 6.5 Medium |
| Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue. | ||||
| CVE-2021-37628 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 7.5 High |
| Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application. | ||||
| CVE-2021-37331 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 5.3 Medium |
| Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL. | ||||