About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2022-07-17
Medium

CVE-2022-25357

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

2022-07-14
Medium

CVE-2021-39017

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID:…

High

CVE-2021-45492

In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this direc…

2022-07-12
High

CVE-2022-1025

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

Low

CVE-2022-33706

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

Low

CVE-2022-33701

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows an attacker to call the PowerManaer.goToSleep method, which is protected by system permission, by sendi…

Medium

CVE-2022-33689

Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change the preferred network type via an unprotected binder call.

Low

CVE-2022-30752

Improper access control vulnerability in the sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using…

Low

CVE-2022-30751

Improper access control vulnerability in the sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using…

Low

CVE-2022-30750

Improper access control vulnerability in the updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client.

2022-07-08
Critical

CVE-2022-1245

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target clien…

2022-07-01
Low

CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a…

2022-06-28
Medium

CVE-2022-31884

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege users and the Administrator user.

Medium

CVE-2022-29858

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.

2022-06-24
Medium

CVE-2022-29330

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecifi…

2022-06-22
Medium

CVE-2022-23055

In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to a…

2022-06-20
Medium

CVE-2017-20066

A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to lau…

2022-06-15
Medium

CVE-2022-28612

Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <=…

Medium

CVE-2022-1958

A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible t…

2022-06-14
High

CVE-2022-30228

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations…

High

CVE-2021-35112

A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdr…

High

CVE-2021-30349

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO…

2022-06-13
Medium

CVE-2022-31752

Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.

Critical

CVE-2022-30311

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of…

Critical

CVE-2022-30310

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of…

Critical

CVE-2022-30309

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execut…

Critical

CVE-2022-30308

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized executi…

High

CVE-2022-28704

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product i…

High

CVE-2022-26834

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept…

2022-06-09
Medium

CVE-2021-27786

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial…

2022-06-07
Low

CVE-2022-30749

Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

Medium

CVE-2022-30745

Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows an attacker to access internal files in Quick Share.

Medium

CVE-2022-30731

Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.

Medium

CVE-2022-30715

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.

2022-05-26
Critical

CVE-2022-30584

Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the aff…

2022-05-20
High

CVE-2022-25227

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain a…

2022-05-19
High

CVE-2022-1423

Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 be…

2022-05-16
Critical

CVE-2021-27444

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administr…

Medium

CVE-2022-1553

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any p…

Medium

CVE-2022-0574

Improper Access Control in GitHub repository publify/publify prior to 9.2.8.

2022-05-13
Critical

CVE-2022-22282

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Con…

2022-05-12
Medium

CVE-2022-21131

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

High

CVE-2021-33123

Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Medium

CVE-2021-33117

Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.

High

CVE-2021-26258

Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access.

High

CVE-2021-0194

Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.

Medium

CVE-2022-29538

RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources.

2022-05-11
High

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\…

2022-05-10
Medium

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 all…

High

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker…

2022-05-05
Medium

CVE-2021-44055

A missing authorization vulnerability has been reported to affect QNAP devices running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that t…

2022-05-04
High

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.

Medium

CVE-2021-41032

An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive infor…

High

CVE-2021-41020

An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration…

2022-05-03
Medium

CVE-2022-20104

In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interact…

Medium

CVE-2022-28782

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows a physical attacker to install a package before completion of the Setup wizard. The patch blocks entry point…

Medium

CVE-2022-28780

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information set in Weather without permission. The patch adds proper pr…

2022-04-28
Medium

CVE-2022-1511

Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.

2022-04-15
High

CVE-2022-20716

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the…

2022-04-14
Medium

CVE-2020-25160

Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devic…

High

CVE-2022-22190

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentia…

High

CVE-2022-22183

An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected re…

2022-04-12
High

CVE-2021-42029

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V…

2022-04-11
Medium

CVE-2022-28778

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows an attacker to set an arbitrary folder as Secret Folder without the Samsung Security Supporter permission.

Medium

CVE-2022-28777

Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows a local attacker to execute the call function without the CALL_PHONE permission.

Medium

CVE-2022-28776

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows an attacker to install applications from Galaxy Store without user interaction.

Medium

CVE-2022-28775

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows an attacker to write files without the Samsung Flow permission.

Medium

CVE-2022-27840

Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attackers to delete arbitrary files with SamsungRecovery permission.

High

CVE-2022-27838

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows an attacker to access files with system privilege.

High

CVE-2022-27836

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without…

Medium

CVE-2022-26091

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows physical attackers to bypass Knox Manage using a function key of a hardware keyboard.

Medium

CVE-2022-26090

Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows attackers to access contact information without permission.

Low

CVE-2022-25831

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

Medium

CVE-2022-1193

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private proj…

2022-04-05
High

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a r…

2022-04-04
Medium

CVE-2022-1105

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeli…

High

CVE-2021-36776

An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.

High

CVE-2021-36775

An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versi…

2022-04-03
Medium

CVE-2022-0405

Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.

2022-04-01
Medium

CVE-2022-0390

Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vu…

Medium

CVE-2022-0373

Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address.

2022-03-31
High

CVE-2022-25915

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmw…

High

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the…

Medium

CVE-2022-23183

Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the infor…

2022-03-30
Medium

CVE-2022-26949

Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain ac…

2022-03-23
Critical

CVE-2022-24768

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious…

High

CVE-2022-24730

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compo…

2022-03-11
Medium

CVE-2022-0932

Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2.

Critical

CVE-2022-0871

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

2022-03-10
Medium

CVE-2022-0815

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details…

Medium

CVE-2022-26102

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction…

Medium

CVE-2022-25825

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access the authcode for sign-in.

Medium

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

Medium

CVE-2022-25215

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those M…

High

CVE-2022-25214

Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and M…

High

CVE-2022-24931

Improper access control vulnerability in a dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute an arbitrary activity without proper permission.

Medium

CVE-2022-24930

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper…

Medium

CVE-2022-24928

Security misconfiguration of RKP in the kernel prior to SMR Mar-2022 Release 1 leaves the system unprotected by RKP.

High

CVE-2021-40063

There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.

High

CVE-2022-0905

Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.

2022-03-07
Medium

CVE-2022-0756

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

Medium

CVE-2022-0755

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

Medium

CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwri…

2022-03-06
Critical

CVE-2021-46704

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from in…

2022-03-02
High

CVE-2022-0824

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.

Medium

CVE-2021-44166

An improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to…

2022-02-26
High

CVE-2021-3967

Improper Access Control in GitHub repository zulip/zulip prior to 4.10.

2022-02-23
Medium

CVE-2022-0731

Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.

Medium

CVE-2022-0727

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.

Medium

CVE-2022-0726

Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.

2022-02-16
Medium

CVE-2022-0611

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.

2022-02-15
High

CVE-2022-0588

Missing Authorization in Packagist librenms/librenms prior to 22.2.0.

2022-02-14
Critical

CVE-2021-4201

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level session…

Medium

CVE-2022-0579

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.

2022-02-11
Low

CVE-2022-24924

An improper access control in LiveWallpaperService prior to version 3.0.9.0 allows creating a specifically named system directory without proper permission.

Medium

CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to version 2.3.00.6 in China models allows untrusted applications to load arbitrary URLs and local files in a webview.

Medium

CVE-2022-23998

Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture…

Low

CVE-2022-23994

An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permis…

Medium

CVE-2022-23433

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Android Q(10) allows attackers to register reminder…

2022-02-09
High

CVE-2022-24317

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server…