Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-41690 1Intel 1Retail Edge Program Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41621 1Intel 1Quickassist Technology Nov 21, 2024 May 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-40972 1Intel 1Quickassist Technology Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40207 1Intel 1System Usage Report Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-32582 1Intel 39Nuc 11 Performance Kit Nuc11pahi30z Firmware Nuc 11 Performance Kit Nuc11pahi3 FirmwareNuc 11 Performance Kit Nuc11pahi50z Firmware+36 more Nov 21, 2024 May 10, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable d...Show more Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access.Show less
CVE-2022-32578 1Intel 1Nuc Pro Software Suite Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24905 1Microsoft 5Windows 10 20h2 Windows 10 21h2Windows 10 22h2+2 more Nov 21, 2024 May 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2023-32060 1Dhis2 1Dhis 2 Nov 21, 2024 May 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combina...Show more DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker program events or program stages, the `/trackedEntityInstances` and `/events` API endpoints may include all events regardless of the sharing settings applied to the category option combinations. When this specific configuration is present, users may have access to events which they should not be able to see based on the sharing settings of the category options. The events will not appear in the user interface for web-based Tracker Capture or Capture applications, but if the Android Capture App is used they will be displayed to the user. Versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0 contain a fix for this issue. No workaround is known.Show less
CVE-2023-31138 1Dhis2 1Dhis 2 Nov 21, 2024 May 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the...Show more DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests.Show less
CVE-2023-21495 1Samsung 1Android Nov 21, 2024 May 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
CVE-2023-21493 1Samsung 1Android Nov 21, 2024 May 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
CVE-2023-21491 1Samsung 1Android Nov 21, 2024 May 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
CVE-2023-21490 1Samsung 1Android Nov 21, 2024 May 4, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
CVE-2023-21488 1Samsung 1Android Nov 21, 2024 May 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
CVE-2023-28070 1Dell 1Alienware Command Center Nov 21, 2024 May 3, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update proc...Show more Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation. Show less
CVE-2023-21642 1Qualcomm 13Qam8295p Firmware Qca6574au FirmwareQca6696 Firmware+10 more Nov 21, 2024 May 2, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in HAB Memory management due to broad system privileges via physical address.
CVE-2023-2429 1Phpmyfaq 1Phpmyfaq Jan 30, 2025 Apr 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-25496 1Lenovo 1Drivers Management Nov 21, 2024 Apr 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.
CVE-2023-24512 1Arista 4Ceos Lab CloudeosEos+1 more Nov 21, 2024 Apr 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only wh...Show more On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVisionShow less
CVE-2021-45111 1Odoo 1Odoo Nov 21, 2024 Apr 25, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credenti...Show more Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.Show less

Previous 1...157158159...255 Next