Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-25749 1Kubernetes 1Kubernetes Nov 21, 2024 May 24, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
CVE-2023-33947 1Liferay 2Digital Experience Platform Liferay Portal Jan 13, 2026 May 24, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual i...Show more The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition.Show less
CVE-2023-33946 1Liferay 2Digital Experience Platform Liferay Portal Jan 13, 2026 May 24, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual ins...Show more The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.Show less
CVE-2023-2845 1Fit2cloud 1Cloudexplorer Lite Nov 21, 2024 May 23, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.
CVE-2023-23446 1Sick 7Ftmg Esd15axx Firmware Ftmg Esd20axx FirmwareFtmg Esd25axx Firmware+4 more Jun 1, 2026 May 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviled...Show more Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.Show less
CVE-2023-23445 1Sick 7Ftmg Esd15axx Firmware Ftmg Esd20axx FirmwareFtmg Esd25axx Firmware+4 more Jun 1, 2026 May 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by usi...Show more Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.Show less
CVE-2023-31199 1Intel 1Solid State Drive Toolbox Nov 21, 2024 May 12, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-30768 1Intel 64Server Board S1200btl Firmware Server Board S1200btlr FirmwareServer Board S1200btlrm Firmware+61 more Nov 21, 2024 May 12, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via...Show more Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.Show less
CVE-2023-29242 1Intel 6Oneapi Ai Analytics Toolkit Oneapi Base ToolkitOneapi Dl Framework Developer Toolkit+3 more Nov 21, 2024 May 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-2674 1Open Emr 1Openemr Nov 21, 2024 May 12, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2670 1Oretnom23 1Lost And Found Information System Nov 21, 2024 May 12, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation lead...Show more A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.Show less
CVE-2023-1834 1Rockwellautomation 1Kinetix 5500 Firmware Nov 21, 2024 May 11, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attacke...Show more Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports.Show less
CVE-2023-0858 1Canon 45I Sensys Lbp621cw Firmware I Sensys Lbp623cdw FirmwareI Sensys Lbp633cdw Firmware+42 more Nov 21, 2024 May 11, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera LBP660C...Show more Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.Show less
CVE-2023-25771 1Intel 59Compute Stick Stk2mv64cc Firmware Nuc 7 Enthusiast Nuc7i7bnhxg FirmwareNuc 7 Enthusiast Nuc7i7bnkq Firmware+56 more Nov 21, 2024 May 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-23573 1Intel 1Unite Nov 21, 2024 May 10, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-22312 1Intel 41Lapkc51e Firmware Lapkc71e FirmwareLapkc71f Firmware+38 more Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46279 1Intel 1Retail Edge Program Nov 21, 2024 May 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-42465 1Intel 1One Boot Flash Update Nov 21, 2024 May 10, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-41784 1Intel 1One Boot Flash Update Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access
CVE-2022-41769 1Intel 1Connect M Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access.

Previous 1...156157158...255 Next