Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-39849 1Google 1Android Nov 21, 2024 Oct 7, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.
CVE-2022-20728 1Cisco 26Aironet 1542d Firmware Aironet 1542i FirmwareAironet 1562d Firmware+23 more Nov 21, 2024 Sep 30, 2022 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affecte...Show more A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.Show less
CVE-2022-1959 1Spsoftmobile 1Applock May 20, 2025 Sep 30, 2022 N/A· v4 6.6 MEDIUM· v3 N/A· v2 AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
CVE-2022-36771 1Ibm 1Qradar User Behavior Analytics May 21, 2025 Sep 28, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.
CVE-2022-39835 1Gajim 1Gajim May 21, 2025 Sep 27, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat....Show more An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.Show less
CVE-2022-3263 1Measuresoft 1Scadapro Server Nov 21, 2024 Sep 23, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with...Show more The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.Show less
CVE-2022-32848 1Apple 1Macos May 22, 2025 Sep 23, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user’s screen.
CVE-2022-32800 1Apple 2Mac Os X Macos May 22, 2025 Sep 23, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
CVE-2022-32789 1Apple 1Macos May 22, 2025 Sep 23, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.
CVE-2022-32783 1Apple 1Macos May 22, 2025 Sep 23, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
CVE-2022-32226 1Rocketchat 1Rocket.chat May 22, 2025 Sep 23, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accep...Show more An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a$regex query can be executed, bypassing the room access permission check for every but the first matching room.Show less
CVE-2022-35621 1Evohclaimable Project 1Evohclaimable May 28, 2025 Sep 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.
CVE-2022-41235 1Jenkins 1Wildfly Deployer May 28, 2025 Sep 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
CVE-2022-32883 1Apple 4Ipados Iphone OsMacos+1 more May 29, 2025 Sep 20, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.
CVE-2022-32880 1Apple 1Macos May 28, 2025 Sep 20, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data.
CVE-2022-32872 1Apple 2Ipados Iphone Os Jan 7, 2026 Sep 20, 2022 N/A· v4 2.4 LOW· v3 N/A· v2 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.
CVE-2022-0143 1Forgerock 1Ldap Connector Nov 21, 2024 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Manage...Show more When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)Show less
CVE-2022-2995 1Kubernetes 1Cri O May 29, 2025 Sep 19, 2022 N/A· v4 7.1 HIGH· v3 N/A· v2 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where s...Show more Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.Show less
CVE-2022-23768 1Neoinfosys 1Nis Hap11ac Firmware Nov 21, 2024 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.
CVE-2022-28758 1Zoom 1Zoom On Premise Meeting Connector Mmr Nov 21, 2024 Sep 16, 2022 N/A· v4 8.2 HIGH· v3 N/A· v2 Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not aut...Show more Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.Show less

Previous 1...174175176...255 Next