CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,319 vulnerabilities with CWE-284
CVE-2021-33162 HIGH
Intel(R) Ethernet < - Privilege Escalation
CVSS 8.4
CVE-2021-46903 MEDIUM
Meinberg LANTIME-Firmware <6.24.029, <7.04.008 - Privilege Escalation
CVSS 6.5
CVE-2021-40699 HIGH
ColdFusion <2021 update 1, <2018.10 - Privilege Escalation
CVSS 7.4
CVE-2021-36036 HIGH
Magento <2.4.2-2.3.7 - Privilege Escalation
CVSS 7.2
CVE-2021-4380 CRITICAL
Pinterest Automatic <1.14.3 - Auth Bypass
CVSS 9.8
CVE-2021-4364 MEDIUM
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 4.3
CVE-2021-4361 HIGH
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 8.8
CVE-2021-4360 CRITICAL
Controlled Admin Access <1.5.5 - Privilege Escalation
CVSS 9.9
CVE-2021-4352 MEDIUM
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 5.3
CVE-2021-4338 MEDIUM
WordPress 404-301 <3.0.7 - Auth Bypass
CVSS 6.4
CVE-2021-25749 HIGH
Kubernetes 1.20.0-1.20.9 - Improper Access Control via runAsNonRoot Bypass
CVSS 7.8
CVE-2021-45111 HIGH
Odoo < 15.0 - Authenticated Improper Access Control via Demonstration Data Creation
CVSS 8.1
CVE-2021-44465 MEDIUM
Odoo < 13.0 - Authenticated Improper Access Control via RPC Requests
CVSS 4.3
CVE-2021-44460 MEDIUM
Odoo < 13.0 - Improper Access Control via Crafted RPC Requests
CVSS 6.5
CVE-2021-23203 HIGH
Odoo Community 14.0-15.0 and Odoo Enterprise 14.0-15.0 - Improper Access Control in Reporting Engine
CVSS 7.5
CVE-2021-23178 HIGH
Odoo < 15.0 - Improper Access Control in Online Payment Validation
CVSS 7.5
CVE-2021-23176 MEDIUM
Odoo < 15.0 - Authenticated Accounting Information Extraction via l10n_fr_fec Reporting Engine
CVSS 6.5
CVE-2021-4300 MEDIUM
Ghostlander Halcyon - Improper Access Controls
CVSS 6.3
CVE-2021-46851 CRITICAL
HarmonyOS - Improper Access Control in DRM Module
CVSS 9.8
CVE-2021-26360 HIGH
AMD Enterprise Driver < 22.10.20 - Unauthorized SOC Register Modification Leading to Arbitrary Code Execution
CVSS 7.8
CVE-2021-44776 MEDIUM
Lanner Inc IAC-AST2500A standard firmware 1.10.0 - Broken Access Control in SubNet_handler_func
CVSS 6.5
CVE-2021-44467 MEDIUM
Lanner Inc IAC-AST2500A Firmware 1.10.0 - Denial of Service via KillDupUsr_func Session Termination
CVSS 5.3
CVE-2021-26733 MEDIUM
Lanner Inc IAC-AST2500A Firmware 1.10.0 - Denial of Service via FirstReset_handler_func
CVSS 5.3
CVE-2021-26732 MEDIUM
Lanner IAC-AST2500A 1.10.0 Unauthenticated Network Config Change via First_network_func
CVSS 6.5
CVE-2021-36913 HIGH
Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection
CVSS 7.5