Filtered by CWE-671
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-20115 1 Cisco 82 Nexus 3048, Nexus 31108pc-v, Nexus 31108tc-v and 79 more 2024-10-02 5.4 Medium
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.
CVE-2018-13283 1 Synology 1 Ssl Vpn Client 2024-09-16 N/A
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.
CVE-2022-29163 1 Nextcloud 1 Nextcloud Server 2024-08-03 3.5 Low
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch for this issue. There are currently no known workarounds.