• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-863

CVE-2022-24306

February 23, 2023 by

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.

CVE-2022-24307

February 23, 2023 by

Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.)

CVE-2022-24128

February 23, 2023 by

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)

CVE-2022-24189

February 23, 2023 by

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users.

CVE-2022-24110

February 23, 2023 by

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users’ passwords. This is fixed in version 7.6 and later.

CVE-2022-23994

February 23, 2023 by

An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 163
  • Go to page 164
  • Go to page 165
  • Go to page 166
  • Go to page 167
  • Interim pages omitted …
  • Go to page 192
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE