Lucene search
K

90 matches found

Cvelist
Cvelist
added 2021/08/30 5:53 p.m.28 views

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...

7AI score0.00999EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.4 views

Larvata Flygo 安全漏洞

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker, after authenticating as a normal user, to manipulate the announcement ID in a specific Url parameter to access...

5.5CVSS5.8AI score0.00641EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/07/21 4:0 p.m.27 views

CVE-2021-32744 Unauthenticated attacker could gain access to currently open files

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...

9.8CVSS9.9AI score0.01053EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/17 12:0 a.m.8 views

Siemens Solid Edge Untrustworthy Pointer Reference Vulnerability

Siemens Solid Edge is a 3D CAD software from Siemens, Germany. An untrustworthy pointer reference vulnerability exists in Siemens Solid Edge. The vulnerability is due to the application lacking proper validation of user-supplied data when parsing PRT files. An attacker can exploit the vulnerabili...

7.8CVSS7AI score0.02029EPSS
Exploits0References1
OSV
OSV
added 2020/12/14 8:15 p.m.3 views

CVE-2020-20183

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...

7.5CVSS7.1AI score0.01003EPSS
Exploits0References1
Prion
Prion
added 2020/12/14 8:15 p.m.13 views

Design/Logic Flaw

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...

5CVSS7.7AI score0.01003EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/05/22 4:15 p.m.6 views

OPENSUSE-SU-2020:0670-1 Security update for nextcloud

This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...

7.7CVSS7.5AI score0.01773EPSS
Exploits1References5
OSV
OSV
added 2020/05/17 2:13 p.m.5 views

OPENSUSE-SU-2020:0668-1 Security update for nextcloud

This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...

7.7CVSS7.5AI score0.01773EPSS
Exploits1References5
OSV
OSV
added 2020/05/17 2:13 p.m.5 views

OPENSUSE-SU-2020:0667-1 Security update for nextcloud

This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...

7.7CVSS7.5AI score0.01773EPSS
Exploits1References6
CNVD
CNVD
added 2019/03/14 12:0 a.m.7 views

GNU LibreDWG null pointer back-reference vulnerability (CNVD-2019-12558)

GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer back-reference vulnerability exists in the 'dwgdxfLTYPE' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS6.8AI score0.02772EPSS
Exploits1References1
OSV
OSV
added 2019/02/17 4:29 a.m.6 views

CVE-2019-8395

An Insecure Direct Object Reference IDOR vulnerability exists in Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10007 via an attachment to a request...

9.8CVSS7.3AI score0.07065EPSS
Exploits0References1
Prion
Prion
added 2018/11/05 11:29 p.m.17 views

Code injection

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application...

6.8CVSS7.6AI score0.01627EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/07/30 5:57 p.m.18 views

U.S. Dept Of Defense: ████ █████ exposes highly sensitive information to public

Summary: www.██████ is a system used by ██████ for vendors to upload details of their technology for review by ███. Due to an insecure direct object reference vulnerability, all vendor uploads are accessible to the public, without authentication. This includes Unclass//FOUO documents, documents...

6.7AI score
Exploits0
CNVD
CNVD
added 2017/11/15 12:0 a.m.5 views

Adobe Acrobat/Reader Untrustworthy Pointer Reference Vulnerability (CNVD-2017-36610)

Adobe Acrobat and Reader is the United States of America Odooby publicly issued PDF file processing program. Adobe Acrobat and Reader processing PDF files have untrustworthy pointer references vulnerability, allowing remote attackers can exploit the vulnerability to submit a special file, inducin...

9.3CVSS7.4AI score0.08512EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/10 12:0 a.m.3 views

Mp3splt 'free_options()' function null pointer reference denial of service vulnerability

Mp3splt is an mp3 music cutter. A denial of service vulnerability exists in the Mp3splt 'freeoptions' function. An attacker could exploit this vulnerability to crash the application, resulting in a denial of service...

5.5CVSS6.7AI score0.00936EPSS
Exploits1References1
seebug.org
seebug.org
added 2015/11/18 12:0 a.m.14 views

Adobe Flash Player & Compiler内存错误引用漏洞(CNVD-2015-07616)

No description provided by source...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2015/10/30 9:54 a.m.26 views

CVE-2008-3064

Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."...

10CVSS7AI score0.01769EPSS
Exploits1References2
Atlassian
Atlassian
added 2015/10/27 7:37 p.m.42 views

Insecure Direct Object Reference

The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...

4.3CVSS5AI score0.61114EPSS
Exploits5
NVD
NVD
added 2011/07/13 11:55 p.m.17 views

CVE-2011-1887

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CV...

7.8CVSS6.3AI score0.01168EPSS
Exploits0References8
Cvelist
Cvelist
added 2011/07/13 11:0 p.m.24 views

CVE-2011-1880

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer...

6.3AI score0.0137EPSS
Exploits0References8
Rows per page
Query Builder