CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 41/50 • 5958 CVEs.

Subscribe CVEs: RSS for “Security Misconfiguration”  ·  RSS (High+Critical only)

About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-03-16
Medium

CVE-2023-21464

Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.

CVSS: 4.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2023-21463

Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive in…

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-21457

Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.

CVSS: 4.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-21449

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2023-0811

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they…

CVSS: 9.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-27875

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-1432

A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=sav…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-03-15
High

CVE-2023-26284

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper a…

CVSS: 7.5 CWE: N/A View on NVD
2023-03-13
High

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executabl…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2023-03-10
High

CVE-2023-23911

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-25144

An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-1201

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.

CVSS: 6.5 CWE: N/A View on NVD
2023-03-09
High

CVE-2023-25573

metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any…

CVSS: 8.6 CWE: CWE-862 - Missing Authorization View on NVD
2023-03-07
High

CVE-2023-25605

A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-4932

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-4931

The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that…

CVSS: 4.3 CWE: N/A View on NVD
2023-03-06
Medium

CVE-2023-22858

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.

CVSS: 5.3 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2023-22335

Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrar…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-03-01
Critical

CVE-2023-1114

Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-0952

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization.

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2023-0951

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

CVSS: 8.8 CWE: N/A View on NVD
2023-02-27
Medium

CVE-2022-45139

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead…

CVSS: 5.3 CWE: CWE-346 - Origin Validation Error View on NVD
2023-02-25
High

CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthent…

CVSS: 7.2 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares…

CVSS: 5.7 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-24
Medium

CVE-2023-1007

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Hand…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-0998

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Paymen…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-22
High

CVE-2023-0963

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handl…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-21
Critical

CVE-2023-22920

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-19
Medium

CVE-2023-0916

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. T…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-17
Medium

CVE-2023-22232

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage t…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-40231

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IB…

CVSS: 4.3 CWE: N/A View on NVD
2023-02-16
High

CVE-2022-36369

Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-34854

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2022-31476

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-29514

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS: 7.7 CWE: N/A View on NVD
High

CVE-2022-21163

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 8.4 CWE: N/A View on NVD
Medium

CVE-2021-33104

Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-34157

Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation o…

CVSS: 6.7 CWE: N/A View on NVD
High

CVE-2022-26343

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 8.2 CWE: N/A View on NVD
Low

CVE-2021-0187

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS: 3.2 CWE: N/A View on NVD
2023-02-15
Medium

CVE-2023-22805

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2022-46892

In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-12
Medium

CVE-2023-0661

Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-33243

Memory corruption due to improper access control in Qualcomm IPC.

CVSS: 8.4 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-11
Medium

CVE-2022-46755

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-46754

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not author…

CVSS: 8.7 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-46678

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-46677

Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized.

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-46676

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group…

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-09
Low

CVE-2023-21450

Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting.

CVSS: 2.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-21447

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-21445

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyF…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-21442

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-21440

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.

CVSS: 6.2 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-21437

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.

CVSS: 4.0 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2023-21433

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.

CVSS: 7.8 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-21432

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.

CVSS: 4.2 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-21427

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-21425

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.

CVSS: 4.3 CWE: CWE-287 - Improper Authentication View on NVD
2023-02-08
High

CVE-2022-47648

An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If…

CVSS: 7.6 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2023-0744

Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2023-02-07
High

CVE-2022-21953

A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher…

CVSS: 7.4 CWE: CWE-862 - Missing Authorization View on NVD
2023-02-06
High

CVE-2022-40196

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.…

CVSS: 7.8 CWE: N/A View on NVD
2023-02-04
Medium

CVE-2023-0678

Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
2023-02-01
Medium

CVE-2023-23128

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product…

CVSS: 6.1 CWE: CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains View on NVD
High

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

CVSS: 7.5 CWE: CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains View on NVD
2023-01-26
Medium

CVE-2023-23611

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing A…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-3482

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names eve…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2022-34405

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to…

CVSS: 7.3 CWE: CWE-285 - Improper Authorization View on NVD
2023-01-20
Medium

CVE-2023-20008

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vu…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2022-20965

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interf…

CVSS: 4.3 CWE: CWE-648 - Incorrect Use of Privileged APIs View on NVD
High

CVE-2023-22339

Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate inclu…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-01-17
Medium

CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attrib…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2023-01-16
Medium

CVE-2015-10057

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of t…

CVSS: 4.6 CWE: CWE-284 - Improper Access Control View on NVD
2023-01-12
Critical

CVE-2023-22600

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthe…

CVSS: 10.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-47927

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQ…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2023-01-10
Critical

CVE-2023-0017

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access ser…

CVSS: 9.4 CWE: CWE-284 - Improper Access Control View on NVD
2023-01-07
Medium

CVE-2014-125054

A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. T…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-01-04
Medium

CVE-2021-4300

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Bloc…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2021-38928

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive inf…

CVSS: 5.4 CWE: N/A View on NVD
2022-12-28
Medium

CVE-2022-4814

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-4810

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-4809

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-4807

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2022-12-27
Critical

CVE-2022-4724

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2022-12-23
High

CVE-2022-4689

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-4684

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2022-12-17
High

CVE-2022-4567

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
2022-12-14
Medium

CVE-2022-3917

Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data.

CVSS: 4.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-12-08
High

CVE-2022-4366

Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2022-39915

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows att…

CVSS: 3.3 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2022-39910

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.

CVSS: 3.9 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2022-39906

Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.

CVSS: 2.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-39903

Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-39900

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder t…

CVSS: 4.6 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-39898

Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-39896

Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-39895

Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-39894

Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
2022-12-07
High

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2022-12-06
High

CVE-2022-44009

Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
2022-12-05
Medium

CVE-2022-41807

Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2022-11-30
High

CVE-2022-4229

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2022-11-29
Medium

CVE-2022-32966

RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2022-11-25
Medium

CVE-2022-38377

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2022-11-23
High

CVE-2022-41930

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or di…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-41929

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This…

CVSS: 4.9 CWE: CWE-862 - Missing Authorization View on NVD
2022-11-22
Critical

CVE-2022-39070

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any op…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2022-41326

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit coul…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2022-11-18
Critical

CVE-2022-34827

Carel Boss Mini 1.5.0 has Improper Access Control.

CVSS: 9.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-43482

Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-41692

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2022-11-17
Critical

CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API u…

CVSS: 9.8 CWE: N/A View on NVD
2022-11-15
Medium

CVE-2022-20941

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vuln…

CVSS: 5.3 CWE: CWE-334 - Small Space of Random Values View on NVD
Medium

CVE-2022-25679

Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS: 6.2 CWE: CWE-284 - Improper Access Control View on NVD
2022-11-11
High

CVE-2022-36789

Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially ena…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-35276

Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local acce…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2022-33973

Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local acce…

CVSS: 3.3 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2022-26024

Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of…

CVSS: 6.7 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2021-33164

Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 8.2 CWE: N/A View on NVD