
943 matches found

Tenable Nessus
added 2023/03/14 12:0 a.m. | 20 views

Atlassian Jira 8.0.0 < 8.5.7 Disclosure Of Private Project Titles

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.0.6 prior to version 7.13.16, 8.0.0 prior to 8.5.7, 8.6.0 prior to 8.9.2 or 8.10.0 prior to 8.10.1. It is, therefore, affected by a vulnerability which allows remote attackers to view...

CVSS 4.3 | AI score 7.3 | EPSS 0.01215
Exploits 0 | References 2

Tenable Nessus
added 2023/03/08 12:0 a.m. | 12 views

Atlassian Jira 8.14.x < 8.20.0 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.20.0. It is, therefore, affected by multiple vulnerabilities: - An Insecure Direct Object References (IDOR) vulnerability which may allow unauthenticated remote attackers to vi...

CVSS 7.5 | AI score 7.4 | EPSS 0.01621
Exploits 0 | References 4

Positive Technologies
added 2023/03/02 12:0 a.m. | 5 views

PT-2023-18684 · WordPress · Wcfm Membership

Name of the Vulnerable Software and Affected Versions: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress versions up to, and including, 2.10.7. Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to...

CVSS 9.8 | AI score 9.3 | EPSS 0.01093
Exploits 0 | References 9

F5 Networks
added 2023/02/21 5:37 p.m. | 61 views

K01948202: Linux kernel vulnerability CVE-2016-0728

Security Advisory Description: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via...

CVSS 7.8 | AI score 6.7 | EPSS 0.03646
Exploits 14

SUSE CVE
added 2023/02/15 4:32 a.m. | 6 views

SUSE CVE-2018-5099

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefo...

CVSS 7.5 | AI score 9.2 | EPSS 0.03066
Exploits 0 | References 9

NVD
added 2023/02/03 3:15 p.m. | 19 views

CVE-2022-34138

Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

CVSS 7.5 | AI score 7.5 | EPSS 0.00583
Exploits 0 | References 2

OSV
added 2023/02/03 3:15 p.m. | 4 views

CVE-2022-34138

Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00583
Exploits 0 | References 2

Prion
added 2023/02/03 3:15 p.m. | 17 views

Information disclosure

Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

CVSS 5 | AI score 7.5 | EPSS 0.00583
Exploits 0 | References 2 | Affected Software 2

Vulnrichment
added 2023/02/03 12:0 a.m. | 10 views

CVE-2022-34138

Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

AI score 7 | EPSS 0.00583
Exploits 0 | References 2

CVE
added 2023/02/03 12:0 a.m. | 44 views

CVE-2022-34138

CVE-2022-34138 describes an insecure direct object reference (IDOR) in the web server of Biltema IP and Baby Camera Software version v124. The vulnerability allows an attacker to access sensitive information via the product’s web server. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

CVSS 7.5 | AI score 7.4 | EPSS 0.00583
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/02/03 12:0 a.m. | 29 views

CVE-2022-34138

Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

AI score 7.7 | EPSS 0.00583
Exploits 0 | References 2

Veracode
added 2023/02/02 7:10 a.m. | 16 views

Improper Authorization

wallabag/wallabag is vulnerable to Improper Authorization. A remote attacker is able to gain access to unauthorized annotations from other users due to insecure direct object references which is made possible because of improper validation of the user permissions...

CVSS 4.3 | AI score 5.3 | EPSS 0.00444
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2023/02/02 6:50 a.m. | 16 views

Improper Authorization

wallabag/wallabag is vulnerable to Improper Authorization. A remote attacker is able to gain access to unauthorized projects from other users due to insecure direct object references which is made possible because of improper validation of the user permissions...

CVSS 4.3 | AI score 5.3 | EPSS 0.00637
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2023/01/30 12:0 a.m. | 16 views

WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software: Quick Restaurant Menu | Type: Plugin | Vulnerable versions: <= 2.0.2 | Fixed in: 2.1.0 | OWASP Top 10: A5: Broken Access Control | Classification: Insecure Direct Object References (IDOR) | CVE: CVE-2023-0550 | Patch priority: Low | CVSS severity: Low 8.1 | PSID: 53344b864cc7 | Credits: Marco...

CVSS 7.6 | AI score 6.5 | EPSS 0.0065
Exploits 1 | References 3 | Affected Software 1

Positive Technologies
added 2023/01/17 12:0 a.m. | 4 views

PT-2023-13785 · L Soft · Listserv 17

Name of the Vulnerable Software and Affected Versions: LISTSERV 17. Description: The LISTSERV 17 web interface is affected by an issue that allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks. This is achieved via a modified email address in a "wa.exe" URL, resulting ...

CVSS 7.5 | AI score 7.4 | EPSS 0.07195
Exploits 4 | References 6

Cvelist
added 2023/01/17 12:0 a.m. | 47 views

CVE-2022-40319

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...

AI score 7.6 | EPSS 0.07195
Exploits 4 | References 2

EUVD
added 2023/01/17 12:0 a.m. | 4 views

EUVD-2022-43610

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...

CVSS 7.5 | AI score 7.4 | EPSS 0.07195
Exploits 4 | References 2

Patchstack
added 2023/01/05 12:0 a.m. | 7 views

WordPress WooCommerce Eway Gateway Plugin <= 3.5.0 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Eway Gateway | Type: Plugin | Vulnerable versions: <= 3.5.0 | Fixed in: 3.5.1 | OWASP Top 10: A5: Broken Access Control | Classification: Insecure Direct Object References (IDOR) | CVE: N/A | Patch priority: Low | CVSS severity: Low 6.3 | PSID: 9e6ef9dda0ad | Credits: WordfenceTeam...

AI score 6.8
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2023/01/02 2:52 p.m. | 13 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. Insecure direct object references of the library allows an attacker to retrieve or delete files uploaded by other users...

CVSS 8.8 | AI score 8.3 | EPSS 0.00811
Exploits 1 | References 5 | Affected Software 1

Veracode
added 2023/01/02 2:31 p.m. | 15 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. Access control bypass through insecure direct object references allows an attacker to archive victim's memos...

CVSS 4.3 | AI score 5.1 | EPSS 0.00534
Exploits 1 | References 5 | Affected Software 1