CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2021-33162
HIGH
Intel(R) Ethernet < - Privilege Escalation
CVSS 8.4
CVE-2021-46903
MEDIUM
Meinberg LANTIME-Firmware <6.24.029, <7.04.008 - Privilege Escalation
CVSS 6.5
CVE-2021-40699
HIGH
ColdFusion <2021 update 1, <2018.10 - Privilege Escalation
CVSS 7.4
CVE-2021-36036
HIGH
Magento <2.4.2-2.3.7 - Privilege Escalation
CVSS 7.2
CVE-2021-4380
CRITICAL
Pinterest Automatic <1.14.3 - Auth Bypass
CVSS 9.8
CVE-2021-4364
MEDIUM
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 4.3
CVE-2021-4361
HIGH
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 8.8
CVE-2021-4360
CRITICAL
Controlled Admin Access <1.5.5 - Privilege Escalation
CVSS 9.9
CVE-2021-4352
MEDIUM
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 5.3
CVE-2021-4338
MEDIUM
WordPress 404-301 <3.0.7 - Auth Bypass
CVSS 6.4
CVE-2021-25749
HIGH
Kubernetes 1.20.0-1.20.9 - Improper Access Control via runAsNonRoot Bypass
CVSS 7.8
CVE-2021-45111
HIGH
Odoo < 15.0 - Authenticated Improper Access Control via Demonstration Data Creation
CVSS 8.1
CVE-2021-44465
MEDIUM
Odoo < 13.0 - Authenticated Improper Access Control via RPC Requests
CVSS 4.3
CVE-2021-44460
MEDIUM
Odoo < 13.0 - Improper Access Control via Crafted RPC Requests
CVSS 6.5
CVE-2021-23203
HIGH
Odoo Community 14.0-15.0 and Odoo Enterprise 14.0-15.0 - Improper Access Control in Reporting Engine
CVSS 7.5
CVE-2021-23178
HIGH
Odoo < 15.0 - Improper Access Control in Online Payment Validation
CVSS 7.5
CVE-2021-23176
MEDIUM
Odoo < 15.0 - Authenticated Accounting Information Extraction via l10n_fr_fec Reporting Engine
CVSS 6.5
CVE-2021-4300
MEDIUM
Ghostlander Halcyon - Improper Access Controls
CVSS 6.3
CVE-2021-46851
CRITICAL
HarmonyOS - Improper Access Control in DRM Module
CVSS 9.8
CVE-2021-26360
HIGH
AMD Enterprise Driver < 22.10.20 - Unauthorized SOC Register Modification Leading to Arbitrary Code Execution
CVSS 7.8
CVE-2021-44776
MEDIUM
Lanner Inc IAC-AST2500A standard firmware 1.10.0 - Broken Access Control in SubNet_handler_func
CVSS 6.5
CVE-2021-44467
MEDIUM
Lanner Inc IAC-AST2500A Firmware 1.10.0 - Denial of Service via KillDupUsr_func Session Termination
CVSS 5.3
CVE-2021-26733
MEDIUM
Lanner Inc IAC-AST2500A Firmware 1.10.0 - Denial of Service via FirstReset_handler_func
CVSS 5.3
CVE-2021-26732
MEDIUM
Lanner IAC-AST2500A 1.10.0 - Unauthenticated Network Config Change via First_network_func
CVSS 6.5
CVE-2021-36913
HIGH
Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection
CVSS 7.5