CWE-708
12 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-708
- CVE-2021-26248 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-19
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CVE-2021-32689 | HIGH | CVSS 8.1 | EG 8.1 | 2021-07-12
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with t…
- CVE-2021-32726 | HIGH | CVSS 7.1 | EG 7.1 | 2021-07-12
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous …
- CVE-2022-22189 | HIGH | CVSS 7.3 | EG 7.8 | 2022-04-14
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local syst…
- CVE-2022-33737 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-06
The OpenVPN Access Server installer creates a log file readable by everyone, which from version 2.10.0 and before 2.11.0 may contain a randomly generated admin password.
- CVE-2023-20043 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-01-20
A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the scr…
- CVE-2023-20044 | MEDIUM | CVSS 6.7 | EG 7.3 | 2023-01-20
A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading supp…
- CVE-2023-29122 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-11-05
Under certain conditions, access to service libraries is granted to accounts that should not have access to them.
- CVE-2023-4008 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-08-03
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages wi…
- CVE-2023-41881 | LOW | CVSS 3.7 | EG 3.7 | 2023-10-11
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent …
- CVE-2024-41773 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-08-20
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.
- CVE-2024-9633 | LOW | CVSS 3.1 | EG 3.1 | 2024-11-14
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a g…