CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | OX Documents 7.10.5 Improper Authorization | 21.07.2021 | Martin Heiland |
| Med. | CTFd 2.1.5 Administrator Account Takeover | 04.01.2020 | Social Engineering Neo |
| Med. | Microsoft Windows Task Scheduler Local Privilege Escalation | 22.07.2019 | Social Engineering Neo |
| Med. | Slims CMS Akasia 8.3.1 SQL Injection | 22.05.2019 | KingSkrupellos |
| Med. | Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability | 19.05.2019 | KingSkrupellos |
| Med. | Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation | 07.11.2018 | Matthew Bergin |
| Low | SAP Business Objects Unauthorized Audit Information Access | 26.02.2015 | Onapsis |
| Med. | SAP Business Objects Unauthorized Audit Information Delete | 26.02.2015 | Onapsis |
| Low | SAP Business Objects Information Disclosure Via CORBA | 09.10.2014 | Will Vandevanter |
| Med. | SAP Business Warehouse Missing Authorization Check | 09.10.2014 | Will Vandevanter |
| Med. | SAP Business Objects Denial Of Service Via CORBA | 09.10.2014 | Will Vandevanter |
| Med. | Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass | 15.11.2013 | Pedro Andujar |
| High | Zoom Telephonics Multiple Vulns | 03.09.2013 | K Lovett |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|------|------|-----|---------|-------------|
| 2022-08-01 | Waiting for details | CVE-2022-2595 | | Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. |
| 2022-07-22 | Waiting for details | CVE-2022-31168 | | |
| 2022-07-01 | Waiting for details | CVE-2022-2282 | | Improper Authorization in GitHub repository saltstack/salt prior to 3004.2. |
| 2022-06-16 | Waiting for details | CVE-2022-30670 | | RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction. |
| 2022-06-02 | Medium | CVE-2022-29233 | Vendor: Bigbluebutton; Software: Bigbluebutton | BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. |
| 2022-06-02 | Low | CVE-2022-29234 | Vendor: Bigbluebutton; Software: Bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds. |
| 2022-06-02 | Low | CVE-2022-29236 | Vendor: Bigbluebutton; Software: Bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. |
| 2022-04-28 | Waiting for details | CVE-2021-43939 | | Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. |
| 2022-02-15 | Low | CVE-2022-0587 | Vendor: Librenms; Software: Librenms | Improper Authorization in Packagist librenms/librenms prior to 22.2.0. |
| 2022-01-03 | Low | CVE-2021-3837 | Vendor: Openwhyd; Software: Openwhyd | openwhyd is vulnerable to Improper Authorization |

 

 


Copyright 2022, cxsecurity.com

 
