CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,311 vulnerabilities with CWE-284
CVE-2022-21813 MEDIUM
NVIDIA GPU Display Driver for Linux - Unprivileged Local Write Access to Protected Memory
CVSS 6.1
CVE-2022-0273 MEDIUM
Pypi calibreweb <0.6.16 - Info Disclosure
CVSS 6.5
CVE-2022-0203 MEDIUM
GitHub crater-invoice/crater <6.0.2 - Info Disclosure
CVSS 5.3
CVE-2022-0270 HIGH
Bored-Agent <0.6.1 - Privilege Escalation
CVSS 8.8
CVE-2022-21305 MEDIUM
Oracle GraalVM and JDK - Unauthenticated Data Manipulation via Hotspot Component
CVSS 5.3
CVE-2022-21291 MEDIUM
Oracle GraalVM 20.3.4 and 21.3.0 - Unauthenticated Data Manipulation via Hotspot Component
CVSS 5.3
CVE-2022-23134 LOW KEV
Zabbix 5.4.0-5.4.7 - Unauthenticated Improper Access Control in Setup.php
CVSS 3.7
CVE-2022-23132 LOW
Zabbix 4.0.0-4.0.35 - Improper Access Control via SELinux DAC_OVERRIDE Capability
CVSS 3.3
CVE-2022-0170 MEDIUM
Peertube < 4.0.0 - Improper Access Control
CVSS 4.3
CVE-2022-0133 HIGH
Peertube < 2022-01-06 - Improper Access Control
CVSS 7.5
CVE-2021-4477 CRITICAL
Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass
CVSS 9.1
CVE-2021-32584 MEDIUM
FortiWLC <=8.6.0 Unauthenticated Improper Access Control via Web Management CGI
CVSS 5.3
CVE-2021-22126 MEDIUM
FortiWLC 8.2.6-8.2.7, 8.3.2-8.3.3, <=8.4.8, <=8.5.2 - Authenticated Hard-Coded Password Use
CVSS 6.7
CVE-2021-1410 MEDIUM
Cisco Webex Meetings - Authenticated Distribution List Modification via Insufficient Authorization
CVSS 4.3
CVE-2021-34753 MEDIUM
Cisco Firepower Threat Defense Software < 6.4.0.13 - Unauthenticated Access Control Bypass via ENIP Packet Inspection
CVSS 5.8
CVE-2021-3987 MEDIUM
calibre-web < 0.6.15 - Improper Access Control in Shelf Creation
CVSS 4.3
CVE-2021-47155 CRITICAL
Net::IPV4Addr 0.10 - Info Disclosure
CVSS 9.1
CVE-2021-33162 HIGH
Intel(R) Ethernet < - Privilege Escalation
CVSS 8.4
CVE-2021-46903 MEDIUM
Meinberg LANTIME-Firmware <6.24.029, <7.04.008 - Privilege Escalation
CVSS 6.5
CVE-2021-40699 HIGH
ColdFusion <2021 update 1, <2018.10 - Privilege Escalation
CVSS 7.4
CVE-2021-36036 HIGH
Magento <2.4.2-2.3.7 - Privilege Escalation
CVSS 7.2
CVE-2021-4380 CRITICAL
Pinterest Automatic <1.14.3 - Auth Bypass
CVSS 9.8
CVE-2021-4364 MEDIUM
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 4.3
CVE-2021-4361 HIGH
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 8.8
CVE-2021-4360 CRITICAL
Controlled Admin Access <1.5.5 - Privilege Escalation
CVSS 9.9
Details
Vulnerabilities 5,311