Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-4281 | Improper Privilege Management vulnerability in Facepay Project Facepay 1.0 A vulnerability has been found in Facepay 1.0 and classified as critical. | 8.8 |
| 2022-12-02 | CVE-2022-4270 | Improper Privilege Management vulnerability in M-Files Server 22.2.11051.0/22.3.11237.3 Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | 2.6 |
| 2022-12-01 | CVE-2022-23737 | Improper Privilege Management vulnerability in Github Enterprise Server An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. | 6.5 |
| 2022-11-30 | CVE-2022-1606 | Improper Privilege Management vulnerability in M-Files Server 22.2.11051.0 Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. | 4.3 |
| 2022-11-22 | CVE-2022-0222 | Improper Privilege Management vulnerability in Schneider-Electric products A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. | 7.5 |
| 2022-11-18 | CVE-2022-42459 | Improper Privilege Management vulnerability in Oxilab Image Hover Effects Ultimate Auth. | 7.2 |
| 2022-11-18 | CVE-2022-43308 | Improper Privilege Management vulnerability in Intelbras SG 2404 MR Firmware and SG 2404 POE Firmware INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. | 7.8 |
| 2022-11-14 | CVE-2022-45183 | Improper Privilege Management vulnerability in Ironmansoftware Powershell Universal Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. | 8.8 |
| 2022-11-10 | CVE-2022-39395 | Improper Privilege Management vulnerability in Go-Vela UI Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. | 9.9 |
| 2022-10-29 | CVE-2022-41974 | Improper Privilege Management vulnerability in multiple products multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. | 7.8 |