CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,311 vulnerabilities with CWE-284
CVE-2022-2702 HIGH
Company Website CMS - Improper Access Control in Cookie Handler
CVSS 7.3
CVE-2022-27660 HIGH
TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 - Denial of Service via confctl_set_guest_wlan
CVSS 7.5
CVE-2022-27185 HIGH
TCL LinkHub Mesh Wifi MS1G_00_01.00_14 - Denial of Service via confctl_set_master_wlan
CVSS 7.5
CVE-2022-27178 CRITICAL
TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 - Denial of Service via confctl_set_wan_cfg
CVSS 9.8
CVE-2022-26346 CRITICAL
TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 - DoS
CVSS 9.8
CVE-2022-36832 MEDIUM
Samsung Cameralyzer < 3.2.22 - Improper Access Control in WebApp
CVSS 4.0
CVE-2022-33731 MEDIUM
DesktopSystemUI <SMR Aug-2022 Release 1 - Privilege Escalation
CVSS 5.1
CVE-2022-33720 LOW
AppLock <SMR Aug-2022 Release 1 - Info Disclosure
CVSS 2.4
CVE-2022-33714 MEDIUM
SemWifiApBroadcastReceiver <SMR Aug-2022 Release 1 - Info Disclosure
CVSS 6.2
CVE-2022-2631 HIGH
tooljet/tooljet <1.19.0 - Info Disclosure
CVSS 8.8
CVE-2022-26308 LOW
Pandora FMS <7.0NG.760 - Privilege Escalation
CVSS 3.7
CVE-2022-2578 MEDIUM
SourceCodester Garage Management System 1.0 - Info Disclosure
CVSS 6.3
CVE-2022-2225 HIGH
Cloudflare WARP < 2022.5.227.0, < 2022.5.341.0, < 2022.5.346 - Zero Trust Policy Bypass via warp-cli
CVSS 8.1
CVE-2022-31475 MEDIUM
GiveWP <= 2.20.2 - Authenticated Arbitrary File Read via Export Function
CVSS 5.5
CVE-2022-21586 MEDIUM
Oracle Banking Trade Finance 14.5 - Unauthorized Data Access and Modification via HTTP
CVSS 6.4
CVE-2022-32212 HIGH
Node.js <14.20.0, <16.20.0, <18.5.0 - OS Command Injection via IsAllowedHost Bypass
CVSS 8.1
CVE-2022-1025 HIGH
Argo CD 1.0.0-2.1.13 - Authenticated Privilege Escalation to Admin
CVSS 8.8
CVE-2022-33706 LOW
Samsung Gallery <13.1.05.8 - Info Disclosure
CVSS 2.4
CVE-2022-33701 LOW
KnoxCustomManagerService <SMR Jul-2022 Release 1 - Privilege Escala...
CVSS 3.3
CVE-2022-30752 LOW
SemWifiApClient <SMR Jul-2022 Release 1 - Info Disclosure
CVSS 3.3
CVE-2022-30751 LOW
SemWifiApClient <SMR Jul-2022 Release 1 - Info Disclosure
CVSS 3.3
CVE-2022-30750 LOW
SemWifiApClient <SMR Jul-2022 Release 1 - Info Disclosure
CVSS 3.3
CVE-2022-31257 HIGH
Mendix <7.23.31, <8.18.18, <9.14.0, <9.12.2, <9.6.12 - Privilege Es...
CVSS 7.5
CVE-2022-20859 MEDIUM
Cisco Unified Communications Manager 14.0-14.0su2 - Improper Access Control via Disaster Recovery Framework
CVSS 6.5
CVE-2022-34894 LOW
JetBrains Hub < 2022.2.14799 - Unauthenticated Service Hijacking via Insufficient Access Control
CVSS 3.5