Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-0222 Improper Privilege Management vulnerability in Schneider-Electric products
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP.
network
low complexity
schneider-electric CWE-269
7.5
2022-11-18 CVE-2022-42459 Improper Privilege Management vulnerability in Oxilab Image Hover Effects Ultimate
Auth.
network
low complexity
oxilab CWE-269
7.2
2022-11-18 CVE-2022-43308 Improper Privilege Management vulnerability in Intelbras SG 2404 MR Firmware and SG 2404 POE Firmware
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
local
low complexity
intelbras CWE-269
7.8
2022-11-14 CVE-2022-45183 Improper Privilege Management vulnerability in Ironmansoftware Powershell Universal
Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request.
network
low complexity
ironmansoftware CWE-269
8.8
2022-11-10 CVE-2022-39395 Improper Privilege Management vulnerability in Go-Vela UI
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang.
network
low complexity
go-vela CWE-269
critical
9.9
2022-11-01 CVE-2022-3369 Improper Privilege Management vulnerability in Bitdefender Engines
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key.
local
low complexity
bitdefender CWE-269
5.5
2022-10-31 CVE-2022-3419 Improper Privilege Management vulnerability in Addify Automatic User Roles Switcher
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, such as administrator.
network
low complexity
addify CWE-269
6.5
2022-10-29 CVE-2022-41974 Improper Privilege Management vulnerability in multiple products
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973.
local
low complexity
opensvc fedoraproject debian CWE-269
7.8
2022-10-26 CVE-2022-43749 Improper Privilege Management vulnerability in Synology Presto File Server
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
network
low complexity
synology CWE-269
8.8
2022-10-25 CVE-2022-28169 Improper Privilege Management vulnerability in Broadcom Fabric Operating System
Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user.
network
low complexity
broadcom CWE-269
8.8