Filtered by CWE-284
Total 2799 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-4809 1 Usememos 1 Memos 2024-08-03 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4814 1 Usememos 1 Memos 2024-08-03 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4724 1 Ikus-soft 1 Rdiffweb 2024-08-03 9.8 Critical
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.
CVE-2022-4689 1 Usememos 1 Memos 2024-08-03 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4684 1 Usememos 1 Memos 2024-08-03 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4567 1 Open-emr 1 Openemr 2024-08-03 8.1 High
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-4229 1 Book Store Management System Project 1 Book Store Management System 2024-08-03 7.3 High
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.
CVE-2022-4087 1 Ipxe 1 Ipxe 2024-08-03 2.6 Low
A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.
CVE-2022-3780 1 Devolutions 1 Remote Desktop Manager 2024-08-03 7.5 High
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects: Remote Desktop Manager 2022.3.7 and prior versions.
CVE-2022-3746 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-08-03 6.7 Medium
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.
CVE-2022-3186 1 Dataprobe 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more 2024-08-03 8.6 High
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.
CVE-2022-3182 1 Devolutions 1 Remote Desktop Manager 2024-08-03 7.0 High
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.
CVE-2022-3065 1 Diagrams 1 Drawio 2024-08-03 7.5 High
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.
CVE-2022-2995 2 Kubernetes, Redhat 2 Cri-o, Openshift 2024-08-03 7.1 High
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-3019 1 Tooljet 1 Tooljet 2024-08-03 8.8 High
The forgot password token basically just makes us capable of taking over the account of whoever comments in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
CVE-2022-2792 1 Emerson 1 Electric's Proficy 2024-08-03 6.6 Medium
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.
CVE-2022-2702 1 Company Website/cms Project 1 Company Website/cms 2024-08-03 7.3 High
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability.
CVE-2022-2631 1 Tooljet 1 Tooljet 2024-08-03 8.8 High
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
CVE-2022-2578 1 Garage Management System Project 1 Garage Management System 2024-08-03 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-2225 1 Cloudflare 1 Warp 2024-08-03 8.1 High
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.