Vulnerabilities > Improper Privilege Management

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-30 | CVE-2022-1606 | Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. | network, low complexity, CWE-269, 4.3 |
| 2022-11-28 | CVE-2022-3088 | Improper Privilege Management vulnerability in Moxa products. UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. | local, low complexity, moxa, CWE-269, 7.8 |
| 2022-11-23 | CVE-2022-41923 | Improper Privilege Management vulnerability in Grails Spring Security Core. Grails Spring Security Core plugin is vulnerable to privilege escalation. | network, low complexity, grails, CWE-269, critical, 9.8 |
| 2022-11-23 | CVE-2022-40772 | Improper Privilege Management vulnerability in Zohocorp products. Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | network, low complexity, zohocorp, CWE-269, 6.5 |
| 2022-11-22 | CVE-2022-0222 | Improper Privilege Management vulnerability in Schneider-Electric products. A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. | network, low complexity, schneider-electric, CWE-269, 7.5 |
| 2022-11-18 | CVE-2022-42459 | Improper Privilege Management vulnerability in Oxilab Image Hover Effects Ultimate. Auth. | network, low complexity, oxilab, CWE-269, 7.2 |
| 2022-11-18 | CVE-2022-43308 | Improper Privilege Management vulnerability in Intelbras SG 2404 MR Firmware and SG 2404 POE Firmware. INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. | local, low complexity, intelbras, CWE-269, 7.8 |
| 2022-11-17 | CVE-2022-45069 | Improper Privilege Management vulnerability in Automattic Crowdsignal Dashboard. Auth. | network, low complexity, automattic, CWE-269, 8.8 |
| 2022-11-17 | CVE-2022-43138 | Improper Privilege Management vulnerability in Dolibarr Erp/Crm. Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. | network, low complexity, dolibarr, CWE-269, critical, 9.8 |
| 2022-11-15 | CVE-2022-20918 | Improper Privilege Management vulnerability in Cisco products. A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. | network, low complexity, cisco, CWE-269, 7.5 |