CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 39/50 • 5958 CVEs.

Subscribe CVEs: RSS for “Security Misconfiguration”  ·  RSS (High+Critical only)

About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-10-26
Medium

CVE-2023-45228

The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with mod…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-10-25
Medium

CVE-2023-41721

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-10-20
Medium

CVE-2023-4941

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This make…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-4924

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This mak…

CVSS: 5.4 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2023-3998

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes…

CVSS: 5.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
Medium

CVE-2023-3869

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This m…

CVSS: 5.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
Medium

CVE-2023-4943

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. Thi…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2021-4353

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on th…

CVSS: 5.3 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2023-10-18
Medium

CVE-2023-4938

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combinatio…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2023-10-17
Critical

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different…

CVSS: 9.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-10-16
Medium

CVE-2023-5575

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combinat…

CVSS: 6.5 CWE: N/A View on NVD
2023-10-13
High

CVE-2023-5240

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it vi…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-43079

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerabilit…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-10-10
High

CVE-2023-41679

An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a…

CVSS: 8.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-33301

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-10-09
High

CVE-2023-45247

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acro…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-43700

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.

CVSS: 7.7 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-43696

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
2023-10-06
High

CVE-2023-45246

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acro…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-45245

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-45244

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acro…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
2023-10-05
Medium

CVE-2023-45243

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-45242

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-45240

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-44214

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-44212

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-44211

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acro…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerabili…

CVSS: 4.4 CWE: CWE-284 - Improper Access Control View on NVD
2023-10-04
Medium

CVE-2023-44210

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29258, Acro…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-1832

An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected…

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2023-44208

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image…

CVSS: 9.1 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-30737

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2023-30734

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2023-30732

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-30727

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2022-22447

IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-10-03
Medium

CVE-2023-5353

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-30
Medium

CVE-2023-5321

Missing Authorization in GitHub repository hamza417/inure prior to build94.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
2023-09-29
High

CVE-2023-32477

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain ele…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-27
High

CVE-2023-20253

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll ba…

CVSS: 7.1 CWE: CWE-286 - Incorrect User Management View on NVD
High

CVE-2023-32458

Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potent…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-39376

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-25
Critical

CVE-2023-41296

Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

CVSS: 9.1 CWE: CWE-862 - Missing Authorization View on NVD
2023-09-14
Medium

CVE-2023-38206

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-38205

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-12
Medium

CVE-2023-34470

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentialit…

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-34469

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentia…

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-3039

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execut…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-11
High

CVE-2023-31468

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-09-08
Medium

CVE-2023-41775

Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. of the device wh…

CVSS: 5.5 CWE: N/A View on NVD
2023-09-07
High

CVE-2023-36635

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2021-40699

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticate…

CVSS: 7.4 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-06
Medium

CVE-2020-10132

SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2021-36036

Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storin…

CVSS: 7.2 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-30716

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2023-30715

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2023-30709

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.

CVSS: 7.9 CWE: N/A View on NVD
2023-09-05
Medium

CVE-2023-35906

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.

CVSS: 5.3 CWE: CWE-291 - Reliance on IP Address for Authentication View on NVD
2023-09-04
Medium

CVE-2023-32809

In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System ex…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2023-32808

In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System ex…

CVSS: 4.4 CWE: N/A View on NVD
2023-09-01
Critical

CVE-2023-4696

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-31
Medium

CVE-2023-41750

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-4650

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVSS: 4.7 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-26
Low

CVE-2023-4546

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmana…

CVSS: 3.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-24
Medium

CVE-2023-40371

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

CVSS: 6.2 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2023-08-23
Medium

CVE-2023-20230

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-21
Medium

CVE-2023-4417

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances,…

CVSS: 6.5 CWE: N/A View on NVD
2023-08-20
Medium

CVE-2023-4434

Missing Authorization in GitHub repository hamza417/inure prior to build88.

CVSS: 6.1 CWE: CWE-862 - Missing Authorization View on NVD
2023-08-18
High

CVE-2023-38132

LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-17
Medium

CVE-2023-39973

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-39972

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-25647

There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.

CVSS: 4.7 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-08-15
High

CVE-2023-39438

A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary au…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
2023-08-14
Critical

CVE-2023-32748

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improp…

CVSS: 9.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2023-08-11
Medium

CVE-2023-32609

Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-32285

Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

CVSS: 6.0 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-28714

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of priv…

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-27509

Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access.

CVSS: 6.6 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-27391

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local…

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-25775

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network acc…

CVSS: 5.6 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-25773

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local ac…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-23908

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 6.0 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-45112

Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-40964

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 7.9 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2022-38973

Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable…

CVSS: 3.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-37343

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 7.2 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-29871

Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-29470

Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: N/A View on NVD
High

CVE-2022-27635

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-10
Medium

CVE-2023-30698

Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-30685

Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-30684

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-30683

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-30682

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2023-30679

Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2023-30654

Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.

CVSS: 6.7 CWE: N/A View on NVD
2023-08-08
Critical

CVE-2023-37483

SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2023-08-06
Medium

CVE-2023-4183

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Pa…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-05
Medium

CVE-2023-4169

A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the componen…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-03
High

CVE-2022-34453

Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policie…

CVSS: 7.6 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-4124

Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2023-07-27
Critical

CVE-2023-33743

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available.

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2023-32450

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execut…

CVSS: 6.1 CWE: CWE-379 - Creation of Temporary File in Directory with Insecure Permissions View on NVD
2023-07-26
High

CVE-2023-3442

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive i…

CVSS: 7.7 CWE: CWE-862 - Missing Authorization View on NVD
2023-07-20
Medium

CVE-2023-3786

A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. I…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-07-12
High

CVE-2023-29298

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security featur…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-07-11
High

CVE-2023-36538

Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 8.4 CWE: CWE-426 - Untrusted Search Path View on NVD
Critical

CVE-2023-2746

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a…

CVSS: 9.6 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Critical

CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An at…

CVSS: 9.9 CWE: CWE-284 - Improper Access Control View on NVD
2023-07-10
High

CVE-2023-30765

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-3599

A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the componen…

CVSS: 6.3 CWE: CWE-264 View on NVD
High

CVE-2023-3273

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endp…

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
2023-07-06
Medium

CVE-2023-30677

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2023-30676

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2023-30667

Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2023-30641

Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner&#39;s google account data.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-30640

Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.

CVSS: 4.3 CWE: N/A View on NVD
2023-06-29
Medium

CVE-2023-36607

The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file con…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD