The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,835 vulnerabilities with CWE-269
CVE-2022-30610
MEDIUM
IBM Spectrum Copy Data Management 2.2.0.0-2.2.15.0 - Reverse Tabnabbing via Malicious URL
CVSS 4.5
CVE-2022-31214
HIGH
Firejail 0.9.68 - Privilege Escalation
CVSS 7.8
CVE-2022-32272
CRITICAL
OPSWAT MetaDefender Core < 5.1.2 - Privilege Escalation via Incorrect Access Control
CVSS 9.8
CVE-2022-30743
MEDIUM
Samsung Account <13.2.00.6 - Privilege Escalation
CVSS 5.3
CVE-2022-30739
MEDIUM
Samsung Account <13.2.00.6 - Privilege Escalation
CVSS 4.0
CVE-2022-30736
MEDIUM
Samsung Account <13.2.00.6 - Privilege Escalation
CVSS 5.3
CVE-2022-30735
MEDIUM
Samsung Account <13.2.00.6 - Privilege Escalation
CVSS 5.9
CVE-2022-21827
HIGH
Citrix Gateway Plug-in for Windows < 21.9.1.2 - Privilege Escalation to SYSTEM via Local File Manipulation
CVSS 7.1
CVE-2022-29333
HIGH
CyberLink Power Director <14 - Privilege Escalation
CVSS 7.8
CVE-2022-31267
CRITICAL
Gitblit 1.9.2 - Privilege Escalation
CVSS 9.8
CVE-2022-29179
HIGH
Cilium <1.9.16, <1.10.11, <1.11.15 - Privilege Escalation
CVSS 7.5
CVE-2022-1770
HIGH
trudesk < 1.2.2 - Improper Privilege Management
CVSS 8.8
CVE-2022-30695
HIGH
Acronis Snap Deploy <3640 - Privilege Escalation
CVSS 7.8
CVE-2022-29587
MEDIUM
Konica Minolta bizhub MFP Firmware < 2022-04-14 - Improper Privilege Management via Internal Chromium Browser
CVSS 4.0
CVE-2022-29218
HIGH
RubyGems.org - Authentication Bypass by Spoofing via Gem Upload Platform Handling
CVSS 7.7
CVE-2022-23743
HIGH
Check Point ZoneAlarm < 15.8.211.192119 - Privilege Escalation and Arbitrary File Write via Weak Directory Permissions
CVSS 7.8
CVE-2022-20114
HIGH
Android - Local Privilege Escalation via TelecomManager placeCall Permissions Bypass
CVSS 7.8
CVE-2022-20112
MEDIUM
Android - Local Privilege Escalation via Private DNS Settings Bypass
CVSS 5.5
CVE-2022-1397
HIGH
easyappointments < 1.5.0 - Privilege Escalation via API
CVSS 8.8
CVE-2022-29164
HIGH
Argo Workflows 2.6.0-3.2.11 - Privilege Escalation via HTML Artifact Script Injection
CVSS 7.1
CVE-2022-27659
MEDIUM
F5 BIG-IP 16.1.x < 16.1.2.2, 15.1.x < 15.1.5.1, 14.1.x < 14.1.4.6 - Authenticated Dashboard Modification and Deletion
CVSS 4.3
CVE-2022-25782
MEDIUM
Secomea GateManager <9.7 - Privilege Escalation
CVSS 5.4
CVE-2022-20759
HIGH
Cisco ASA/FTD - Privilege Escalation
CVSS 8.8
CVE-2022-1227
HIGH
Podman < 4.0.0 - Privilege Escalation via Malicious Image in 'podman top' Command
CVSS 8.8
CVE-2022-1108
MEDIUM
ThinkPad X1 Fold Gen 1 Firmware < N2PET50W - Authenticated Arbitrary Code Execution via SMI Handler Buffer Overflow
CVSS 6.7
Details
Vulnerabilities: 2,835
Exploit Likelihood: Medium