Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2339 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information. | |||||
| CVE-2022-3423 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | N/A | 6.5 MEDIUM |
| Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0. | |||||
| CVE-2022-2064 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2022-2022 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. | |||||
| CVE-2022-2063 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2022-2062 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2022-2079 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2022-22120 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses. | |||||
| CVE-2022-22121 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 6.0 MEDIUM | 8.0 HIGH |
| In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed. | |||||