Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25773 1Intel 1Unite Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25757 1Intel 1Unison Nov 21, 2024 Aug 11, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2023-23908 3Debian FedoraprojectIntel 139Debian Linux FedoraMicrocode+136 more Nov 21, 2024 Aug 11, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-45112 1Intel 1Virtual Raid On Cpu Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40964 3Debian FedoraprojectIntel 5Debian Linux FedoraKiller+2 more Nov 21, 2024 Aug 11, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-38973 1Intel 2Arc A750 Firmware Arc A770 Firmware Nov 21, 2024 Aug 11, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or...Show more Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access.Show less
CVE-2022-37343 1Intel 114Atom C3308 Firmware Atom C3336 FirmwareAtom C3338 Firmware+111 more Nov 21, 2024 Aug 11, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-29871 1Intel 1Converged Security Management Engine Firmware Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-27635 3Debian FedoraprojectIntel 5Debian Linux FedoraKiller+2 more Nov 21, 2024 Aug 11, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-35179 1Solarwinds 1Serv U Nov 21, 2024 Aug 11, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this actio...Show more A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. Show less
CVE-2023-39963 1Nextcloud 1Nextcloud Server Nov 21, 2024 Aug 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a...Show more Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully stealing a session from a logged in user, to create app passwords for the victim. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.Show less
CVE-2023-39962 1Nextcloud 1Nextcloud Server Nov 21, 2024 Aug 10, 2023 N/A· v4 7.7 HIGH· v3 N/A· v2 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, a...Show more Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. As a workaround, disable app files_external. This also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.Show less
CVE-2023-39961 1Nextcloud 1Nextcloud Server Nov 21, 2024 Aug 10, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without d...Show more Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.Show less
CVE-2023-39959 1Nextcloud 1Nextcloud Server Nov 21, 2024 Aug 10, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which revea...Show more Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.Show less
CVE-2023-39952 1Nextcloud 1Nextcloud Server Nov 21, 2024 Aug 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files...Show more Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available.Show less
CVE-2023-38167 1Microsoft 1Dynamics 365 Business Central Jan 1, 2025 Aug 8, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2023-36890 1Microsoft 1Sharepoint Server Nov 21, 2024 Aug 8, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36889 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Aug 8, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-39349 1Sentry 1Sentry Nov 21, 2024 Aug 7, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list...Show more Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.Show less
CVE-2023-4183 1Inventory Management System Project 1Inventory Management System Nov 21, 2024 Aug 6, 2023 N/A· v4 9.8 CRITICAL· v3 4.0 MEDIUM· v2 A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The m...Show more A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.Show less

Previous 1...152153154...255 Next