Lucene search
+L

4654 matches found

NVD
NVD
added 2019/08/02 10:15 p.m.22 views

CVE-2019-7854

An insecure direct object reference IDOR vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details...

7.5CVSS7.3AI score0.01143EPSS
Exploits0References1
Prion
Prion
added 2019/08/02 10:15 p.m.13 views

Design/Logic Flaw

An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

5.5CVSS6.3AI score0.00897EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/02 10:15 p.m.20 views

Design/Logic Flaw

An insecure direct object reference IDOR vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details...

5CVSS7.3AI score0.01143EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/02 9:17 p.m.17 views

CVE-2019-7872

An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

6.6AI score0.00897EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/08/02 9:11 p.m.26 views

CVE-2019-7854

An insecure direct object reference IDOR vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details...

7.5AI score0.01143EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2019/08/02 5:37 p.m.38 views

Critical Bug in Android Antivirus Exposes Address Books

A slew of popular free Android antivirus apps in recent testing proved to have security holes and privacy issues – including a critical vulnerability that exposes user’s address books, and another serious flaw that enables attackers to turn off antivirus protection entirely. According to an...

5.8AI score
Exploits0References4
wpexploit
wpexploit
added 2019/07/29 12:0 a.m.15 views

Real Estate 7 < 2.9.1 - Stored XSS & IDOR

The 'Real Estate 7' premium WordPress theme is vulnerable to persistent XSS injection that allows an attacker to inject JavaScript or HTML code into the website front-end. There is also an Insecure Direct Object Reference issue, allowing unauthorized users to edit listings they should not have...

6.7AI score
Exploits0References3
Hacker One
Hacker One
added 2019/07/27 7:16 p.m.37 views

Phabricator: IDOR bug to See hidden slowvote of any user even when you dont have access right

USER ACCOUNT ============= 1. user A who create slowvote 2. User B Dont have permissioon to see above slowvote 3. User C has permission to see above slowvote STEP TO REPRODUCE ================== 1. From user A account goto http://phabricator.localhost.com/vote/create/ and create a slowvote . Chan...

7AI score
Exploits0
NVD
NVD
added 2019/07/10 5:15 p.m.24 views

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

7.5CVSS7.3AI score0.01545EPSS
Exploits1References2
OSV
OSV
added 2019/07/10 5:15 p.m.21 views

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

7.5CVSS6.4AI score
Exploits0References2
NVD
NVD
added 2019/07/10 5:15 p.m.23 views

CVE-2018-19582

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...

4.3CVSS4.4AI score0.00839EPSS
Exploits0References2
OSV
OSV
added 2019/07/10 5:15 p.m.15 views

CVE-2018-19582

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...

4.3CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2019/07/10 5:15 p.m.20 views

Design/Logic Flaw

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

5CVSS7.4AI score0.01545EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2019/07/10 5:15 p.m.29 views

CVE-2018-19582

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...

4.3CVSS6.3AI score0.00839EPSS
Exploits0References2
Prion
Prion
added 2019/07/10 5:15 p.m.17 views

Design/Logic Flaw

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...

4CVSS4.7AI score0.00839EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/10 4:50 p.m.67 views

CVE-2018-19584

Summary: CVE-2018-19584 affects GitLab Enterprise Edition (GitLab EE). Versions 11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1 are vulnerable to an insecure direct object reference that allows authenticated, but unauthorized, users to view members and milestone details of p...

7.5CVSS7.1AI score0.01545EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/07/10 4:50 p.m.25 views

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

7.2AI score0.01545EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2019/07/10 4:45 p.m.56 views

CVE-2018-19582

Removed by vendor...

4.3CVSS6.1AI score0.00839EPSS
Exploits0
CVE
CVE
added 2019/07/10 4:45 p.m.79 views

CVE-2018-19582

CVE-2018-19582 affects GitLab Enterprise Edition (GitLab EE) on versions 11.4 before 11.4.8 and 11.5 before 11.5.1. The issue is an insecure direct object reference that could allow an unauthorized user to publish another user’s draft merge request comments. The connected documents confirm the af...

4.3CVSS4.6AI score0.00839EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/07/10 4:15 p.m.24 views

CVE-2018-19575

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...

4.3CVSS4.3AI score0.01077EPSS
Exploits0References3
Rows per page
Query Builder