CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,319 vulnerabilities with CWE-284
CVE-2021-21965 CRITICAL
Sealevel SeaConnect 370W Firmware 1.3.34 - Denial of Service via SeaMax Remote Configuration
CVSS 9.3
CVE-2021-21964 HIGH
Sealevel SeaConnect 370W Firmware 1.3.34 - Denial of Service via Modbus Configuration
CVSS 7.4
CVE-2021-40416 HIGH
Reolink RLC-410W <3.0.0.136_20121102 - Info Disclosure
CVSS 8.8
CVE-2021-40415 MEDIUM
Reolink RLC-410W v3.0.0.136_20121102 - Info Disclosure
CVSS 6.5
CVE-2021-40414 HIGH
Reolink RLC-410W v3.0.0.136_20121102 - Info Disclosure
CVSS 7.1
CVE-2021-40413 HIGH
Reolink RLC-410W v3.0.0.136_20121102 - Info Disclosure
CVSS 7.1
CVE-2021-40404 MEDIUM
Reolink RLC-410W <3.0.0.136_20121102 - Auth Bypass
CVSS 6.5
CVE-2021-23233 HIGH
Fresenius Kabi Agilia Link+ <3.0 - Info Disclosure
CVSS 7.3
CVE-2021-4016 MEDIUM
Rapid7 Insight Agent <3.1.3 - Info Disclosure
CVSS 4.0
CVE-2021-34402 MEDIUM
NVIDIA Shield Experience < 9.0 - Memory Corruption in NVDEC
CVSS 6.7
CVE-2021-34401 HIGH
NVIDIA Shield Experience < 9.0 - Improper Access Control in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER
CVSS 7.8
CVE-2021-37864 LOW
Mattermost < 6.1 - Authenticated Improper Access Control via Archived Channel API
CVSS 2.6
CVE-2021-28507 MEDIUM
Arista EOS 4.23.0-4.23.9m - Improper Access Control via OpenConfig gNOI and RESTCONF Service ACL Bypass
CVSS 5.5
CVE-2021-45034 HIGH
Siemens CP-8000 and CP-8021/8022 Master Modules < V16.20 - Unauthenticated Sensitive Data Exposure via Web Server
CVSS 7.5
CVE-2021-23173 LOW
Philips Engage < 6.2.2 - Authenticated Improper Access Control
CVSS 2.6
CVE-2021-4194 MEDIUM
BookStack < 21.12.1 - Improper Access Control
CVSS 6.5
CVE-2021-22567 MEDIUM
Dart Software Development Kit < 2.15.0 - Improper Access Control via Bidirectional Unicode Text
CVSS 4.6
CVE-2021-25991 MEDIUM
ifme 5.0.0-7.32 - Improper Access Control via Admin Self-Ban
CVSS 5.7
CVE-2021-20050 HIGH
SonicWall SMA 100/200/210/400/410/500v Firmware < 10.0.0.0 - Unauthenticated Improper Access Control
CVSS 7.5
CVE-2021-42808 MEDIUM
Thales Sentinel Protection Installer < 7.7.1 - Privilege Escalation via Improper Access Control
CVSS 6.5
CVE-2021-4119 CRITICAL
BookStack < 21.11.2 and ssddanbrown/BookStack < 21.11.3 - Improper Access Control
CVSS 9.8
CVE-2021-36888 CRITICAL
Image Hover Effects Ultimate <= 9.6.1 - Unauthenticated Arbitrary Options Update
CVSS 9.8
CVE-2021-24859 MEDIUM
WordPress Plugin <0.5 - Info Disclosure
CVSS 4.3
CVE-2021-24845 MEDIUM
Improved Include Page WP <1.2 - Info Disclosure
CVSS 6.5
CVE-2021-4089 MEDIUM
snipe-it < 5.3.3 and 5.3.4 - Improper Access Control
CVSS 4.3