CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 46/50 • 5958 CVEs.

Subscribe CVEs: RSS for “Security Misconfiguration”  ·  RSS (High+Critical only)

About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2021-03-03
Medium

CVE-2021-22862

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent…

CVSS: 6.5 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically…

CVSS: 6.5 CWE: CWE-285 - Improper Authorization View on NVD
2021-02-26
Critical

CVE-2019-11684

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlyi…

CVSS: 9.9 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2021-02-24
Medium

CVE-2021-20657

Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege v…

CVSS: 5.4 CWE: N/A View on NVD
2021-02-22
High

CVE-2020-11282

Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snap…

CVSS: 7.8 CWE: N/A View on NVD
2021-02-18
High

CVE-2020-36233

The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privile…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-02-17
Medium

CVE-2021-26559

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2020-8678

Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-12384

Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-0525

Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via lo…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2020-0523

Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2020-0518

Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local acce…

CVSS: 5.5 CWE: N/A View on NVD
2021-02-12
High

CVE-2021-20643

Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.

CVSS: 7.5 CWE: N/A View on NVD
2021-02-11
High

CVE-2021-21045

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenti…

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
2021-02-10
High

CVE-2021-23882

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by p…

CVSS: 8.2 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-23880

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of t…

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-02-04
Medium

CVE-2021-25246

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-25245

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25244

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25243

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch l…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25242

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25240

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 age…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25239

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information abou…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25238

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information ab…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25237

An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25235

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configur…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25234

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain informa…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25233

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain informa…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25232

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25231

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain informa…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25230

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connec…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25229

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-25228

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain informa…

CVSS: 5.3 CWE: N/A View on NVD
2021-02-03
High

CVE-2020-2506

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by ga…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2021-01-29
Medium

CVE-2020-29538

Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather i…

CVSS: 4.9 CWE: N/A View on NVD
2021-01-27
High

CVE-2020-4952

IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.

CVSS: 8.8 CWE: N/A View on NVD
2021-01-26
Medium

CVE-2021-1071

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper acces…

CVSS: 5.6 CWE: N/A View on NVD
High

CVE-2021-1070

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components…

CVSS: 7.1 CWE: N/A View on NVD
2021-01-19
Medium

CVE-2020-28481

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CVSS: 5.3 CWE: CWE-346 - Origin Validation Error View on NVD
2021-01-18
Medium

CVE-2020-7343

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
2021-01-14
Critical

CVE-2021-20617

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative…

CVSS: 9.8 CWE: N/A View on NVD
2021-01-13
Medium

CVE-2021-1126

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. T…

CVSS: 5.5 CWE: CWE-256 - Plaintext Storage of a Password View on NVD
2021-01-12
Medium

CVE-2021-21471

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity…

CVSS: 6.5 CWE: N/A View on NVD
2021-01-08
Medium

CVE-2021-1055

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of…

CVSS: 5.3 CWE: N/A View on NVD
2021-01-06
Medium

CVE-2020-8275

Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicio…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2021-01-05
High

CVE-2020-4762

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access co…

CVSS: 8.8 CWE: N/A View on NVD
2020-12-22
Medium

CVE-2019-11786

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modi…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2019-11785

Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on bu…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2019-11784

Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary message…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2019-11783

Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail cha…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2019-11782

Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading t…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2018-15645

Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads,…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2020-12-11
Critical

CVE-2020-28215

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbi…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2020-12-09
High

CVE-2020-26832

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), version…

CVSS: 7.6 CWE: CWE-862 - Missing Authorization View on NVD
2020-12-08
Medium

CVE-2020-14205

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate th…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
2020-12-01
Medium

CVE-2020-28583

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version,…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-28582

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-28577

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server ho…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-28576

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version a…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-28573

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2020-7547

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a u…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2020-7545

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for…

CVSS: 7.2 CWE: CWE-284 - Improper Access Control View on NVD
2020-11-24
High

CVE-2020-28331

Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the…

CVSS: 7.5 CWE: N/A View on NVD
2020-11-23
Medium

CVE-2020-12352

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

CVSS: 6.5 CWE: CWE-909 - Missing Initialization of Resource View on NVD
2020-11-19
Medium

CVE-2020-7573

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2020-8278

Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
2020-11-18
Medium

CVE-2020-26077

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are conf…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2020-11-16
High

CVE-2020-25209

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

CVSS: 7.5 CWE: N/A View on NVD
2020-11-13
Medium

CVE-2020-0599

Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: N/A View on NVD
2020-11-12
High

CVE-2020-12350

Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-12331

Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-8764

Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2020-8677

Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access.

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2020-8676

Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2020-12308

Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2020-12304

Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-12297

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may al…

CVSS: 7.8 CWE: N/A View on NVD
2020-11-10
Medium

CVE-2020-6316

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2020-26824

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an…

CVSS: 10.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2020-26823

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Serv…

CVSS: 10.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2020-26822

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service,…

CVSS: 10.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2020-26821

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact…

CVSS: 10.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2020-26819

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2020-26818

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information th…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2020-11-06
Critical

CVE-2020-5647

Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version…

CVSS: 9.8 CWE: N/A View on NVD
2020-11-02
Critical

CVE-2020-5656

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or bef…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2020-3638

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-11164

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, S…

CVSS: 7.8 CWE: N/A View on NVD
2020-10-29
Medium

CVE-2020-27655

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2020-27654

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-10-27
Critical

CVE-2020-27183

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges…

CVSS: 9.8 CWE: N/A View on NVD
2020-10-13
Medium

CVE-2020-15797

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-20…

CVSS: 6.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-10-09
High

CVE-2020-15838

The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2020-10-05
Critical

CVE-2020-6875

A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access rig…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

CVSS: 4.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2020-8182

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.

CVSS: 8.0 CWE: CWE-284 - Improper Access Control View on NVD
2020-10-02
Critical

CVE-2020-26527

An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding wi…

CVSS: 9.8 CWE: CWE-346 - Origin Validation Error View on NVD
2020-09-30
Medium

CVE-2020-13296

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2020-09-25
High

CVE-2020-26106

cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).

CVSS: 7.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2020-09-18
Low

CVE-2020-16230

All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the C…

CVSS: 2.3 CWE: N/A View on NVD
2020-09-17
Critical

CVE-2020-8028

A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE M…

CVSS: 9.3 CWE: CWE-284 - Improper Access Control View on NVD
2020-09-16
High

CVE-2020-7531

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever R…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2020-7297

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user inter…

CVSS: 5.7 CWE: CWE-287 - Improper Authentication View on NVD
2020-09-15
Medium

CVE-2020-7296

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user…

CVSS: 5.7 CWE: CWE-287 - Improper Authentication View on NVD
Low

CVE-2020-7295

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the use…

CVSS: 3.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2020-7294

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST i…

CVSS: 4.6 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2020-7293

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access co…

CVSS: 9.0 CWE: CWE-287 - Improper Authentication View on NVD
2020-09-13
Medium

CVE-2020-25289

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-09
Medium

CVE-2020-7324

Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied per…

CVSS: 6.1 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-7319

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have ac…

CVSS: 8.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-08
High

CVE-2019-10596

u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer…

CVSS: 7.8 CWE: N/A View on NVD
2020-08-31
High

CVE-2020-15687

Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/…

CVSS: 7.5 CWE: N/A View on NVD
2020-08-27
Medium

CVE-2020-10517

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given…

CVSS: 4.3 CWE: CWE-285 - Improper Authorization View on NVD
2020-08-17
Critical

CVE-2020-8212

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows acc…

CVSS: 9.8 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
High

CVE-2020-8209

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2020-08-13
Medium

CVE-2020-8684

Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege v…

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2020-8759

Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: N/A View on NVD
High

CVE-2020-8736

Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local acc…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-8716

Improper access control for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local acces…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-8711

Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privi…

CVSS: 6.7 CWE: N/A View on NVD