• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-863

CVE-2022-0825

February 23, 2023 by

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other’s booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.

CVE-2022-0837

February 23, 2023 by

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification.

CVE-2022-0866

February 23, 2023 by

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it’s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it’s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.

CVE-2022-0871

February 23, 2023 by

Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.

CVE-2022-0740

February 23, 2023 by

Incorrect authorization in the Asana integration’s branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.

CVE-2022-0756

February 23, 2023 by

Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 183
  • Go to page 184
  • Go to page 185
  • Go to page 186
  • Go to page 187
  • Interim pages omitted …
  • Go to page 192
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE