CWE-285 (Improper Authorization) — Vulnerability Class 972

972 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-32707 | ‘edit_user’ Capability Privilege Escalation — Splunk Enterprise | 8.8 | High | 2023-06-01 |
| CVE-2023-32717 | Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results — Splunk Enterprise | 4.3 | Medium | 2023-06-01 |
| CVE-2023-34091 | Kyverno resource with a deletionTimestamp may allow policy circumvention — kyverno | 6.5 | Medium | 2023-06-01 |
| CVE-2023-34219 | JetBrains TeamCity authorization issue vulnerability — TeamCity | 4.3 | Medium | 2023-05-31 |
| CVE-2023-33189 | Incorrect Authorization with specially crafted requests — pomerium | 10.0 | Critical | 2023-05-30 |
| CVE-2023-33183 | Error in calendar when booking an appointment reveals the full path of the website — security-advisories | 2.6 | Low | 2023-05-30 |
| CVE-2023-2950 | Improper Authorization in openemr/openemr — openemr/openemr | 7.1 | - | 2023-05-28 |
| CVE-2023-2496 | Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Improper Authorization to Arbitrary File Upload — Go Pricing - WordPress Responsive Pricing Tables | 7.1 | High | 2023-05-23 |
| CVE-2023-28623 | Unauthorized user can register an account in specific configurations in Zulip — zulip | 6.5 | Medium | 2023-05-19 |
| CVE-2023-2782 | Acronis Cyber Infrastructure security vulnerability — Acronis Cyber Infrastructure | 7.5 | - | 2023-05-18 |
| CVE-2022-45450 | Acronis Agent and Acronis Cyber Protect security vulnerability — Acronis Agent | 8.1 | - | 2023-05-18 |
| CVE-2023-20184 | Cisco DNA Center Software API Vulnerabilities — Cisco Digital Network Architecture Center (DNA Center) | 5.4 | Medium | 2023-05-18 |
| CVE-2023-20183 | Cisco DNA Center Software API Vulnerabilities — Cisco Digital Network Architecture Center (DNA Center) | 5.4 | Medium | 2023-05-18 |
| CVE-2023-20182 | Cisco DNA Center Software API Vulnerabilities — Cisco Digital Network Architecture Center (DNA Center) | 5.4 | Medium | 2023-05-18 |
| CVE-2023-22348 | Reading host_configs does not honour contact groups — Checkmk | 4.3 | Medium | 2023-05-17 |
| CVE-2023-28325 | Rocket.Chat authorization issue vulnerability — Rocket.Chat | 6.5 | - | 2023-05-11 |
| CVE-2023-29338 | Visual Studio Code Spoofing Vulnerability — Visual Studio Code | 6.6 | Medium | 2023-05-09 |
| CVE-2023-28318 | Rocket.Chat authorization issue vulnerability — Rocket.Chat | - | - | 2023-05-09 |
| CVE-2023-28317 | Rocket.Chat authorization issue vulnerability — Rocket.Chat | 5.3 | - | 2023-05-09 |
| CVE-2023-2534 | Information disclouse and DoS via websocket push events — OTRS | 7.6 | High | 2023-05-08 |
| CVE-2023-21505 | SAMSUNG Mobile devices security vulnerability — Samsung Core Service | 4.0 | Medium | 2023-05-04 |
| CVE-2023-30467 | Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR) — NVR MS-Nxxxx-xxG | 7.5 | High | 2023-04-28 |
| CVE-2023-2345 | SourceCodester Service Provider Management System improper authorization — Service Provider Management System | 6.3 | Medium | 2023-04-27 |
| CVE-2023-2227 | Improper Authorization in modoboa/modoboa — modoboa/modoboa | 5.4 | - | 2023-04-21 |
| CVE-2023-28973 | Junos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some administrative actions — Junos OS Evolved | 7.1 | High | 2023-04-17 |
| CVE-2022-3748 | Improper authorization that can lead to account impersonation — Access Management | 9.8 | Critical | 2023-04-14 |
| CVE-2023-26466 | Pegasystem PEGA Platform security vulnerability — RPA: Synchronization Engine | 7.1 | - | 2023-04-10 |
| CVE-2023-28634 | GLPI vulnerable to Privilege Escalation from Technician to Super-Admin — glpi | 8.8 | High | 2023-04-05 |
| CVE-2023-0665 | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata — Vault | 6.5 | Medium | 2023-03-30 |
| CVE-2022-3787 | device-mapper-multipath security vulnerability — device-mapper-multipath | 7.8 | - | 2023-03-29 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 972 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.