Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-8779 OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server.
network
low complexity
CWE-284
8.8
2024-09-10 CVE-2024-37341 Microsoft SQL Server Elevation of Privilege Vulnerability
network
low complexity
CWE-284
8.8
2024-09-10 CVE-2024-38220 Azure Stack Hub Elevation of Privilege Vulnerability
network
low complexity
CWE-284
critical
9.0
2024-09-10 CVE-2024-43492 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
local
low complexity
CWE-284
7.8
2024-08-23 CVE-2024-43477 Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
network
low complexity
CWE-284
7.5
2024-08-20 CVE-2024-38175 An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
network
low complexity
CWE-284
critical
9.6
2024-08-14 CVE-2024-38163 Windows Update Stack Elevation of Privilege Vulnerability
local
low complexity
CWE-284
7.8
2024-08-12 CVE-2024-29082 Improper Access Control vulnerability in Vonets products
Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.
network
low complexity
vonets CWE-284
8.6
2024-07-23 CVE-2024-38164 Improper Access Control vulnerability in Microsoft Groupme
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
network
low complexity
microsoft CWE-284
8.8
2024-06-13 CVE-2024-34112 ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read.
network
low complexity
CWE-284
7.5