Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-42862 1Apple 3Ipados Iphone OsMacos Apr 21, 2025 Dec 15, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences.
CVE-2022-42861 1Apple 3Ipados Iphone OsMacos Apr 21, 2025 Dec 15, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.
CVE-2022-42859 1Apple 4Ipados Iphone OsMacos+1 more Apr 21, 2025 Dec 15, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences.
CVE-2022-42853 1Apple 1Macos Apr 21, 2025 Dec 15, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system.
CVE-2022-32945 1Apple 3Ipados Iphone OsMacos Apr 21, 2025 Dec 15, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.
CVE-2022-47407 1Master Quiz Project 1Master Quiz Apr 21, 2025 Dec 14, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user'...Show more An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.Show less
CVE-2022-38355 1Daikinlatam 2Svmpc1 Svmpc2 Nov 21, 2024 Dec 13, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without...Show more Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication. Show less
CVE-2022-46664 1Siemens 1Mendix Workflow Commons Nov 21, 2024 Dec 13, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the...Show more A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.Show less
CVE-2022-46354 1Siemens 56gk5204 0ba00 2kb2 Firmware 6gk5204 0ba00 2mb2 Firmware6gk5204 0bs00 2na3 Firmware+2 more Apr 22, 2025 Dec 13, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All v...Show more A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.Show less
CVE-2022-45937 1Siemens 9Pxc00 E96.a Firmware Pxc100 E96.a FirmwarePxc16.2 Pe.a Firmware+6 more Nov 21, 2024 Dec 13, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modul...Show more A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.Show less
CVE-2022-45936 1Siemens 1Mendix Email Connector Apr 22, 2025 Dec 13, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote atta...Show more A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.Show less
CVE-2022-41261 1Sap 1Solution Manager Nov 21, 2024 Dec 12, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains creden...Show more SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.Show less
CVE-2022-23485 1Sentry 1Sentry Nov 21, 2024 Dec 10, 2022 N/A· v4 3.7 LOW· v3 N/A· v2 Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite lin...Show more Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). Show less
CVE-2022-44932 1Tenda 1A18 Firmware Apr 23, 2025 Dec 8, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.
CVE-2022-39915 1Samsung 1Calendar Nov 21, 2024 Dec 8, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sens...Show more Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.Show less
CVE-2022-39910 1Samsung 1Pass Nov 21, 2024 Dec 8, 2022 N/A· v4 4.2 MEDIUM· v3 N/A· v2 Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
CVE-2022-39906 1Google 1Android Nov 21, 2024 Dec 8, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.
CVE-2022-39900 1Google 1Android Nov 21, 2024 Dec 8, 2022 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch.
CVE-2022-39898 1Google 1Android Nov 21, 2024 Dec 8, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.
CVE-2022-39896 1Google 1Android Nov 21, 2024 Dec 8, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.

Previous 1...168169170...255 Next