CWE-671

5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-671page 1 of 1

CVE-2018-13283HIGHCVSS 8.8EG 7.4
2019-04-01
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.
CVE-2022-29163LOWCVSS 3.5EG 3.5
2022-05-20
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be pa…
CVE-2023-20115MEDIUMCVSS 5.4EG 5.4
2023-08-23
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying opera…
CVE-2023-5871MEDIUMCVSS 5.3EG 5.3
2023-11-27
A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.
CVE-2025-24024CRITICALCVSS 9.1EG 9.1
2025-01-21
Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration co…

Map vulnerabilities like CWE-671 to your infrastructure

EchelonGraph correlates every CVE — across CWE-671 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →