CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,311 vulnerabilities with CWE-284
CVE-2022-2088
MEDIUM
Elcomplus SmartICS 2.3.4.0 - Authenticated Arbitrary Process Termination
CVSS 6.8
CVE-2022-2103
CRITICAL
SEPCO Control and Protection Relay Firmware 1.23.0-1.23.21 - Unauthenticated Sensitive File Read and RCE via FTP
CVSS 9.8
CVE-2022-1521
CRITICAL
Illumina Local Run Manager 1.3-3.1 - Unauthenticated Improper Access Control
CVSS 9.1
CVE-2022-27511
HIGH
Citrix Application Delivery Management < 13.0-85.19 - Unauthenticated Administrator Password Reset via SSH
CVSS 8.1
CVE-2022-28612
MEDIUM
Muneeb's Custom Popup Builder <=1.3.1 - XSS
CVSS 5.4
CVE-2022-32158
CRITICAL
Splunk < 9.0 - Unauthenticated Arbitrary Code Execution via Deployment Server
CVSS 9.0
CVE-2022-1958
MEDIUM
FileCloud <21.3.5.18513 - Info Disclosure
CVSS 6.3
CVE-2022-32256
MEDIUM
SINEMA Remote Connect Server < 3.1 - Improper Access Control
CVSS 4.3
CVE-2022-32255
MEDIUM
SINEMA Remote Connect Server < 3.1 - Unauthorized Information Access via Improper Access Control
CVSS 5.3
CVE-2022-31055
HIGH
google/kctf < 1.6.0 - Improper Access Control via set-src-ip-ranges
CVSS 7.5
CVE-2022-1659
MEDIUM
JupiterX Core <= 2.0.6 - Improper Access Control via jupiterx_conditional_manager AJAX Action
CVSS 5.4
CVE-2022-1658
MEDIUM
Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion via abb_remove_plugin AJAX Action
CVSS 5.4
CVE-2022-1656
MEDIUM
JupiterX Theme and JupiterX Core Plugin <= 2.0.6 - Authenticated Privilege Escalation via AJAX API Function Access
CVSS 5.4
CVE-2022-30745
MEDIUM
Quick Share <13.1.2.4 - Info Disclosure
CVSS 4.0
CVE-2022-30715
MEDIUM
DofViewer <SMR Jun-2022 Release 1 - Info Disclosure
CVSS 4.0
CVE-2022-31024
MEDIUM
NextCloud Collabra <6.0.0, <5.0.4, <4.2.6 - Info Disclosure
CVSS 6.5
CVE-2022-1261
MEDIUM
Honeywell Matrikon OPC Server - Privilege Escalation via IPersistFile Function
CVSS 5.8
CVE-2022-29160
LOW
Nextcloud Android <3.19.0 - Info Disclosure
CVSS 2.8
CVE-2022-28184
HIGH
NVIDIA GPU Display Driver - Improper Access Control in Kernel Mode Layer Handler
CVSS 7.1
CVE-2022-1753
MEDIUM
wowonder - Improper Access Control via group_id Parameter in requests.php
CVSS 5.4
CVE-2022-1553
MEDIUM
Publify < 9.2.8 - Unauthenticated Password-Protected Article Content Disclosure
CVSS 4.9
CVE-2022-0574
MEDIUM
GitHub publify/publify <9.2.8 - Info Disclosure
CVSS 6.5
CVE-2022-22282
CRITICAL
SonicWall SMA1000 - Improper Access Control
CVSS 9.8
CVE-2022-21182
HIGH
InHand Networks InRouter302 Firmware < 3.5.4 - Privilege Escalation via Router Configuration Import
CVSS 8.8
CVE-2022-26926
HIGH
Windows Address Book - Remote Code Execution
CVSS 7.8
Details
Vulnerabilities
5,311