CVE-2022-39892
Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers unauthenticated access via the keep-open feature.
All CVEs associated with "Security Misconfiguration". Page 42/50 • 5958 CVEs.
A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key: verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Each detail page highlights vendor advisories and mitigation tips.
Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure the EDM setting.
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows a local attacker to access device information.
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows a local attacker to access device information.
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows a local attacker to access call information.
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vu…
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427.
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a sp…
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the A…
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry s…
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combi…
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access contro…
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A succe…
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A…
Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download t…
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could all…
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.…
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipelin…
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the In…
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could lever…
Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to…
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meet…
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meet…
A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Ad…
Multiple Improper Access Control vulnerabilities were discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in a…
There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…
There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…
There is a missing authorization issue in the system service. Since the component does not have a permission check and permission protection, this results in local elevation of privilege. Product: Androi…
There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…
There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or…
IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.
Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the dev…
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access a broadcasting Intent with system uid privilege.
Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information.
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect to arbitrary AP and Bluetooth devices.
Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows a local attacker to bind a service that requires the BIND_REMOTEVIEWS permission.
Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data.
Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data.
IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807.
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbi…
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on com…
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands with…
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates…
An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query opera…
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meet…
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolu…
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can al…
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows an attacker to access the file without permission.
Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.
Improper access control vulnerability in Samsung Pass prior to version 4.0.03.1 allows physical attackers to access Samsung Pass data in a certain state of an unlocked device.
An Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue a…
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress.
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.
ZITADEL combines the ease of Auth0 and the versatility of Keycloak. **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature where users with role `ORG_OWNER`…
A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The…
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.…
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.
Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.
Improper access control in the Intel(R) DSA software before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access.
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access.
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access.
Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial o…
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access.
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with roo…
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.…
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An a…
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for…
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permiss…
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to…
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to…
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to the Alert Classification page could potentially exploit this vulnerabilit…
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository a…
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. A remote authenticated attacker could potentially exploit this vulnerability by bypassing access c…
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and cre…
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not av…
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie…
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to a PC via an unprotected binder call.
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
An improper access control vulnerability in Wi-Fi Service prior to SMR Aug-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allows a local attacker to access files of One UI.
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows an attacker to reset a setting value related to mobile hotspot.
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and downlo…
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1…
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrar…
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user pro…
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which ar…
A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. Th…
VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlass…