CWE-285 (Improper Authorization) — Vulnerability Class 972

972 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-41673 | Fortinet FortiADC authorization issue vulnerability — FortiADC | 6.9 | High | 2023-12-13 |
| CVE-2023-6538 | System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. — System Management Unit (SMU) | 7.6 | High | 2023-12-11 |
| CVE-2023-5808 | System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data. — System Management Unit (SMU) | 7.6 | High | 2023-12-04 |
| CVE-2023-48309 | next-auth vulnerable to possible user mocking that bypasses basic authentication — next-auth | 5.3 | Medium | 2023-11-20 |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service — xwiki-platform | 7.5 | High | 2023-11-20 |
| CVE-2023-30954 | Gotham Video Broken Authentication — com.palantir.video:video-application-server | 2.7 | Low | 2023-11-15 |
| CVE-2023-36633 | Fortinet FortiMail webmail security vulnerability — FortiMail | 5.3 | Medium | 2023-11-14 |
| CVE-2023-47109 | PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block — blockreassurance | 5.5 | Medium | 2023-11-08 |
| CVE-2023-28556 | Improper Authorization in HLOS — Snapdragon | 7.1 | High | 2023-11-07 |
| CVE-2023-5948 | Improper Authorization in teamamaze/amazefileutilities — teamamaze/amazefileutilities | 8.1 | - | 2023-11-03 |
| CVE-2023-42491 | EisBaer Scada - CWE-285: Improper Authorization — EisBaer Scada | 8.8 | High | 2023-10-25 |
| CVE-2021-4334 | Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options — Fancy Product Designer | 8.8 | High | 2023-10-20 |
| CVE-2020-36714 | Brizy < 1.0.126 - Authorization Bypass to Settings Updates — Brizy – Page Builder | 7.4 | High | 2023-10-20 |
| CVE-2021-4335 | Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Multiple AJAX Actions — Fancy Product Designer | 6.3 | Medium | 2023-10-20 |
| CVE-2023-5654 | React Developer Tools security vulnerability — React Developer Tools Extension | 6.5 | Medium | 2023-10-19 |
| CVE-2023-38220 | Full page cache enumeration via cookie X-Magento-Vary — Adobe Commerce | 7.5 | High | 2023-10-13 |
| CVE-2023-41841 | Fortinet FortiOS security vulnerability — FortiOS | 7.4 | High | 2023-10-10 |
| CVE-2023-3037 | HelpDezk Community improper authorization — HelpDezk Community | 8.6 | High | 2023-10-04 |
| CVE-2023-20186 | Cisco IOS security vulnerability — IOS | 8.0 | High | 2023-09-27 |
| CVE-2023-44125 | Personalized service - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking — LG V60 Thin Q 5G(LMV600VM) | 6.1 | Medium | 2023-09-27 |
| CVE-2023-44123 | Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking — LG V60 Thin Q 5G(LMV600VM) | 6.1 | Medium | 2023-09-27 |
| CVE-2023-0456 | Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check — apicast | 7.4 | High | 2023-09-27 |
| CVE-2023-42453 | Improper validation of receipts allows forged read receipts in matrix synapse — synapse | 3.1 | Low | 2023-09-26 |
| CVE-2023-28055 | Dell NetWorker authorization issue vulnerability — NetWorker | 8.8 | High | 2023-09-26 |
| CVE-2022-47553 | Improper Authorization in Ormazabal products — ekorCCP | 8.6 | High | 2023-09-19 |
| CVE-2023-0813 | Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced | 7.5 | High | 2023-09-15 |
| CVE-2023-33020 | Improper Authorization in WLAN Host — Snapdragon | 7.5 | High | 2023-09-05 |
| CVE-2023-33019 | Improper Authorization in WLAN Host — Snapdragon | 7.5 | High | 2023-09-05 |
| CVE-2023-28584 | Improper Authorization in WLAN Host — Snapdragon | 7.5 | High | 2023-09-05 |
| CVE-2023-32678 | Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers — zulip | 6.5 | Medium | 2023-08-25 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 972 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.