Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-33243 1Qualcomm 157Apq8096au Firmware Aqt1000 FirmwareAr9380 Firmware+154 more Nov 21, 2024 Feb 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to improper access control in Qualcomm IPC.
CVE-2022-46755 1Dell 1Wyse Management Suite Nov 21, 2024 Feb 11, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.
CVE-2022-46754 1Dell 1Wyse Management Suite Nov 21, 2024 Feb 11, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to con...Show more Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. Show less
CVE-2022-46678 1Dell 1Wyse Management Suite Nov 21, 2024 Feb 11, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.
CVE-2022-46677 1Dell 1Wyse Management Suite Nov 21, 2024 Feb 11, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized.
CVE-2022-46676 1Dell 1Wyse Management Suite Nov 21, 2024 Feb 11, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not author...Show more Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. Show less
CVE-2023-24688 1Mojoportal 1Mojoportal Mar 24, 2025 Feb 9, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
CVE-2023-21447 1Samsung 1Cloud Nov 21, 2024 Feb 9, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.
CVE-2023-21445 1Samsung 1Android Nov 21, 2024 Feb 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via im...Show more Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.Show less
CVE-2023-21442 1Samsung 1Android Nov 21, 2024 Feb 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.
CVE-2023-21438 1Samsung 1Android Nov 21, 2024 Feb 9, 2023 N/A· v4 2.4 LOW· v3 N/A· v2 Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.
CVE-2023-21427 1Samsung 1Android Nov 21, 2024 Feb 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
CVE-2022-30564 1Dahuasecurity 97Ipc Hf5241f Ze Firmware Ipc Hf5442f Ze FirmwareIpc Hf5541f Ze Firmware+94 more Mar 25, 2025 Feb 9, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.
CVE-2022-47648 1Bosch 1B420 Firmware Nov 21, 2024 Feb 8, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user h...Show more An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013).Show less
CVE-2023-25150 1Nextcloud 1Richdocuments Nov 21, 2024 Feb 8, 2023 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a r...Show more Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.Show less
CVE-2023-0744 1Answer 1Answer Nov 21, 2024 Feb 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
CVE-2023-23615 1Discourse 1Discourse Nov 21, 2024 Feb 3, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and test...Show more Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts.Show less
CVE-2022-47699 1Comfast Project 1Cf Wr623n Firmware Mar 27, 2025 Jan 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.
CVE-2023-24425 1Jenkins 1Kubernetes Credentials Provider Apr 2, 2025 Jan 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and poten...Show more Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.Show less
CVE-2023-24022 1Baicells 2Rtd Firmware Rts Firmware Nov 21, 2024 Jan 26, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (...Show more Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) Show less

Previous 1...163164165...255 Next