About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2021-09-09
Medium

CVE-2021-1957

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna…

2021-09-06
Medium

CVE-2021-24006

An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directl…

Medium

CVE-2020-15939

An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration…

2021-08-31
High

CVE-2021-35213

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator…

Medium

CVE-2021-35221

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

2021-08-25
Medium

CVE-2021-1583

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local…

Critical

CVE-2021-1577

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticate…

2021-08-15
Critical

CVE-2021-25955

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note…

2021-08-13
Critical

CVE-2021-32071

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view…

2021-08-11
Medium

CVE-2021-38590

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).

High

CVE-2021-1107

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously comprom…

High

CVE-2021-0196

Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via loc…

2021-08-10
Critical

CVE-2021-20032

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability…

2021-08-09
High

CVE-2021-24501

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objec…

2021-08-06
Medium

CVE-2021-32587

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticat…

2021-08-05
Medium

CVE-2021-32002

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue af…

Medium

CVE-2021-25448

Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.

Medium

CVE-2021-25447

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

Medium

CVE-2021-25446

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.

Medium

CVE-2021-22240

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled

2021-08-03
Medium

CVE-2021-33330

Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal…

2021-07-15
Critical

CVE-2021-25320

An Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach…

2021-07-14
High

CVE-2021-33671

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escala…

2021-07-08
High

CVE-2021-25440

Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.

Low

CVE-2021-25439

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbi…

High

CVE-2021-25438

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause loca…

Critical

CVE-2021-25437

Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.

Medium

CVE-2021-25431

Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyze…

Medium

CVE-2021-25430

Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

Critical

CVE-2021-28809

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating sy…

2021-07-07
High

CVE-2021-32517

Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function. The referred vulnerabi…

High

CVE-2021-32514

Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the upda…

2021-07-06
Medium

CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contr…

2021-07-01
Medium

CVE-2021-22344

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

Medium

CVE-2021-22347

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

High

CVE-2021-20778

Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors.

2021-06-30
Critical

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &current…

2021-06-28
Medium

CVE-2021-28579

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage th…

High

CVE-2021-21083

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacke…

2021-06-25
High

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name en…

2021-06-16
Medium

CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack t…

2021-06-11
Medium

CVE-2021-22896

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.

High

CVE-2021-25412

An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.

High

CVE-2021-25410

Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.

Medium

CVE-2021-25405

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

Medium

CVE-2021-25397

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

High

CVE-2021-28814

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects:…

2021-06-09
Medium

CVE-2021-0129

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

High

CVE-2021-0098

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Medium

CVE-2021-0067

Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Medium

CVE-2020-12290

Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

Medium

CVE-2021-20730

Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified v…

Medium

CVE-2021-20728

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via t…

2021-06-03
High

CVE-2021-22334

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections.

High

CVE-2021-32460

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a…

2021-06-02
High

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST A…

2021-05-28
High

CVE-2021-27032

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that ar…

2021-05-27
Medium

CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for th…

High

CVE-2021-22907

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

Critical

CVE-2021-22891

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zon…

2021-05-25
Critical

CVE-2021-30190

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

2021-05-19
Medium

CVE-2020-4646

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they should not have access…

High

CVE-2021-21732

A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authoriza…

2021-05-18
Medium

CVE-2020-15279

An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion…

2021-05-13
High

CVE-2020-36197

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by…

2021-05-10
High

CVE-2021-23014

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the RE…

2021-05-06
Medium

CVE-2021-1515

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on AP…

2021-04-29
High

CVE-2020-21990

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote…

2021-04-28
High

CVE-2021-3512

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300H…

2021-04-27
Medium

CVE-2021-20715

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary…

2021-04-26
Medium

CVE-2021-20432

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domai…

Medium

CVE-2021-20712

Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed fr…

High

CVE-2021-20694

Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified…

High

CVE-2021-20693

Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via…

2021-04-22
High

CVE-2021-28648

Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection…

2021-04-21
Medium

CVE-2021-1076

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of servic…

2021-04-16
High

CVE-2020-9668

Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privile…

2021-04-13
Medium

CVE-2021-27598

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of mis…

Critical

CVE-2021-21730

A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks. This affects: ZXHN H168N V3.5.0_TY.T6

High

CVE-2021-25253

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate pr…

High

CVE-2021-25250

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on af…

2021-04-12
Critical

CVE-2020-15390

pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.

Critical

CVE-2021-24223

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be…

Critical

CVE-2021-24215

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS set…

High

CVE-2021-24198

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can ta…

High

CVE-2021-24197

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can ta…

2021-04-09
Medium

CVE-2021-25378

Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.

Medium

CVE-2021-25363

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.

High

CVE-2021-25361

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.

High

CVE-2020-13533

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attac…

2021-04-08
Medium

CVE-2021-22513

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow acce…

2021-04-02
Medium

CVE-2021-22865

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadat…

2021-03-26
Medium

CVE-2021-22180

An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.

Medium

CVE-2021-25369

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

2021-03-25
Low

CVE-2021-25366

Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.

Low

CVE-2021-25351

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.

2021-03-24
Medium

CVE-2021-22176

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests

2021-03-22
Medium

CVE-2021-25920

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the…

2021-03-19
High

CVE-2021-26991

Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.

2021-03-18
High

CVE-2020-26155

Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-admin…

High

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

Medium

CVE-2021-20634

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vec…

Medium

CVE-2021-20633

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.

Medium

CVE-2021-20632

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspeci…

Medium

CVE-2021-20630

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspeci…

Medium

CVE-2021-20626

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.

Medium

CVE-2021-20625

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspec…

Medium

CVE-2021-20624

Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vect…

2021-03-17
Medium

CVE-2020-11199

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdr…

2021-03-15
High

CVE-2021-28374

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information.…

2021-03-10
High

CVE-2021-20670

Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via un…

2021-03-05
Critical

CVE-2020-29020

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea…

2021-03-04
Medium

CVE-2021-25340

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.

Medium

CVE-2021-25337

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

Low

CVE-2021-25336

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted mali…

Low

CVE-2021-25333

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.

Low

CVE-2021-25332

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.

Low

CVE-2021-25331

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.

High

CVE-2021-22128

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on…

2021-03-03
High

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission…