Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2022-26251 Improper Privilege Management vulnerability in Synametrics Synaman
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
network
low complexity
synametrics CWE-269
7.2
2022-03-30 CVE-2021-39772 Improper Privilege Management vulnerability in Google Android 12.0
In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check.
low complexity
google CWE-269
8.8
2022-03-30 CVE-2021-39782 Improper Privilege Management vulnerability in Google Android 12.0
In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check.
local
low complexity
google CWE-269
7.8
2022-03-30 CVE-2021-39783 Improper Privilege Management vulnerability in Google Android 12.0
In rcsservice, there is a possible way to modify TTY mode due to a missing permission check.
local
low complexity
google CWE-269
7.8
2022-03-30 CVE-2021-39784 Improper Privilege Management vulnerability in Google Android 12.0
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check.
local
low complexity
google CWE-269
7.8
2022-03-18 CVE-2022-1003 Improper Privilege Management vulnerability in Mattermost
One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect permissions, which allows system administrators to combine two distinct privileges/capabilities in a way that lets them override certain restricted configurations such as EnableUploads.
network
low complexity
mattermost CWE-269
4.9
2022-03-18 CVE-2022-24637 Improper Privilege Management vulnerability in Openwebanalytics Open web Analytics
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes.
network
low complexity
openwebanalytics CWE-269
critical
9.8
2022-03-11 CVE-2022-22141 Improper Privilege Management vulnerability in Yokogawa products
The 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipes with improper ACL configuration.
local
low complexity
yokogawa CWE-269
7.8
2022-03-10 CVE-2022-20051 Improper Privilege Management vulnerability in Google Android 11.0/12.0
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment.
local
low complexity
google CWE-269
5.5
2022-03-08 CVE-2022-24408 Improper Privilege Management vulnerability in Siemens Sinumerik MC Firmware and Sinumerik ONE Firmware
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1).
local
low complexity
siemens CWE-269
7.8