VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Access Control
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-18
CVE-2021-1410
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists.
network
low complexity
CWE-284
4.3
4.3
2024-11-15
CVE-2021-34753
A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets.
network
low complexity
CWE-284
5.8
5.8
2024-11-15
CVE-2024-20373
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message.
network
low complexity
CWE-284
5.3
5.3
2024-11-13
CVE-2024-39609
Improper Access Control vulnerability in Intel Server Board M70Klp2Sb Firmware 01.04.0022
Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel
CWE-284
6.7
6.7
2024-11-12
CVE-2024-49044
Improper Access Control vulnerability in Microsoft Visual Studio 2022
Visual Studio Elevation of Privilege Vulnerability
network
high complexity
microsoft
CWE-284
6.7
6.7
2024-11-01
CVE-2024-7424
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1.
network
low complexity
CWE-284
5.4
5.4
2024-10-16
CVE-2020-36831
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17.
network
low complexity
CWE-284
5.0
5.0
2024-10-16
CVE-2020-36838
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5.
network
low complexity
CWE-284
7.4
7.4
2024-08-23
CVE-2024-43477
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
network
low complexity
CWE-284
7.5
7.5
2024-08-20
CVE-2024-38175
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
network
low complexity
CWE-284
critical
9.6
9.6
«
1
(current)
2
3
4
5
...
94
95
»
Next