Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-30 | CVE-2022-1606 | Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. | 4.3 |
| 2022-11-28 | CVE-2022-3088 | Improper Privilege Management vulnerability in Moxa products UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. | 7.8 |
| 2022-11-23 | CVE-2022-41923 | Improper Privilege Management vulnerability in Grails Spring Security Core Grails Spring Security Core plugin is vulnerable to privilege escalation. | 9.8 |
| 2022-11-23 | CVE-2022-40772 | Improper Privilege Management vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | 6.5 |
| 2022-11-22 | CVE-2022-0222 | Improper Privilege Management vulnerability in Schneider-Electric products A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. | 7.5 |
| 2022-11-18 | CVE-2022-42459 | Improper Privilege Management vulnerability in Oxilab Image Hover Effects Ultimate Auth. | 7.2 |
| 2022-11-18 | CVE-2022-43308 | Improper Privilege Management vulnerability in Intelbras SG 2404 MR Firmware and SG 2404 POE Firmware INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. | 7.8 |
| 2022-11-17 | CVE-2022-45069 | Improper Privilege Management vulnerability in Automattic Crowdsignal Dashboard Auth. | 8.8 |
| 2022-11-17 | CVE-2022-43138 | Improper Privilege Management vulnerability in Dolibarr Erp/Crm Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. | 9.8 |
| 2022-11-15 | CVE-2022-20918 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. | 7.5 |