CVE-2021-26594
CVE-2021-26594 affects Directus 8.x through 8.8.1, where an attacker can switch to the administrator role via PATCH without backend checks. The vulnerability is limited to products no longer supported by the maintainer. Remediation in public docs advises upgrading to a supported Directus version;...
CVE-2021-26593
CVE-2021-26593 affects Directus 8.x–8.8.1, where the API endpoint /users/{id} can disclose extensive user data (email, first name, last name) and the 2FA secret, which can be regenerated. Root cause: exposure via an unauthorized or overly permissive user lookup that returns sensitive fields. Impa...
CVE-2021-26593
In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/id. For each call, they get in response a lot of information about the user such as email address, first name, and last name but also the secret for 2FA if one exists. This secret can be regenerated. NOTE...
CVE-2021-27583
In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2021-27583
Directus 8.x–8.8.1 is affected by a vulnerability where the password reset feature can be leveraged to determine if a given user exists in the database. The issue is confirmed across multiple sources (NVD/Red Hat/OSV/etc.) and is constrained to products no longer supported by the maintainer. The ...
Directus Information Disclosure Vulnerability
Directus is a real-time API and application dashboard. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus version 8.x prior to version 8.8.1, which can be exploited by an attacker to view all users in the CMS using API user id...
PT-2021-17066 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 8.x through 8.8.1 Description: The issue allows an attacker to see all users in the CMS using the API endpoint "/users/id". For each call, they get in response a lot of information about the user, such as email address, firs...
PT-2021-17067 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 8.x through 8.8.1 Description: An issue exists where an attacker can switch to the administrator role without any control by the back end, using the PATCH method. This issue only affects products that are no longer supported...
Directus Security Vulnerabilities
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in version 8.x of Directus prior to version 8.8.1, which can be exploited by an attacker to learn sensitive information by viewing the results of an api-aa...
Directus Security Vulnerabilities
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in Directus versions 8.x through 8.8.1, which can be exploited by an attacker to switch to the administrator role...
Directus Information Disclosure Vulnerability
Directus is a real-time API and application dashboard. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions 8.x through 8.8.1, which can be exploited by an attacker to discover the presence of a user in a database via the password reset...
PT-2021-17522 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 8.x through 8.8.1 Description: An attacker can discover whether a user is present in the database through the password reset feature. This issue only affects products that are no longer supported by the maintainer...
RANGER Studio Directus Code Execution Vulnerability
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. A security vulnerability exists in RANGER Studio Directus versi...
RANGER Studio Directus Cross-Site Scripting Vulnerability
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. A cross-site scripting vulnerability exists in the interfaces/markdown/input.vue file in RANGER Studio Directus version 7 prior to Application...
RANGER Studio Directus License Issue Vulnerability
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. An authorization issue vulnerability exists in the Directus 7...
Unspecified Vulnerability in RANGER Studio Directus
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. A security vulnerability exists in the RANGER Studio Directus 7...
RANGER Studio Directus Code Execution Vulnerability (CNVD-2019-39679)
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. A security vulnerability exists in the RANGER Studio Directus 7...
RANGER Studio Directus Information Disclosure Vulnerability
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. An information disclosure vulnerability exists in RANGER Studio...
CVE-2019-13982
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview...