• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-285

CVE-2019-10159

February 26, 2023 by

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

CVE-2021-32688

February 23, 2023 by

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading.

CVE-2022-4868

February 23, 2023 by godfreyd94

Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

CVE-2022-4804

February 23, 2023 by godfreyd94

Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4701

February 23, 2023 by godfreyd94

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ‘wpr_activate_required_plugins’ AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the ‘contact-form-7’, ‘media-library-assistant’, or ‘woocommerce’ plugins if they are installed on the site.

CVE-2022-4688

February 23, 2023 by godfreyd94

Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to page 5
  • Go to page 6
  • Interim pages omitted …
  • Go to page 8
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE