Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27591 | 2023-03-19 | N/A | N/A | ||
| Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. | |||||
| CVE-2022-1025 | 1 Linuxfoundation | 1 Argo-cd | 2023-02-12 | 9.0 HIGH | 8.8 HIGH |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | |||||
| CVE-2022-4813 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
| Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4801 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.3 MEDIUM |
| Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||