CVE-2021-37630

MEDIUM Year: 2021
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue.

Related Vulnerabilities

CVE-2018-16606

MEDIUM
CVSS:6.5(Medium)

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Org...

CWE-6392018

CVE-2019-12252

MEDIUM
CVSS:6.5(Medium)

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&not...

CWE-6392019

CVE-2019-14245

MEDIUM
CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.

CWE-6392019

CVE-2019-14246

MEDIUM
CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.

CWE-6392019

CVE-2019-14721

MEDIUM
CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.

CWE-6392019

CVE-2019-15815

MEDIUM
CVSS:6.5(Medium)

ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privi...

CWE-6392019