CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2021-24781
MEDIUM
Image Source Control <2.3.1 - Info Disclosure
CVSS 4.3
CVE-2021-41194
CRITICAL
JupyterHub <1.0.0 - Privilege Escalation
CVSS 9.1
CVE-2021-34794
MEDIUM
Cisco ASA and FTD - Unauthenticated SNMPv3 Access Control Bypass
CVSS 5.3
CVE-2021-34754
MEDIUM
Cisco Firepower Threat Defense - Unauthenticated Access Control Bypass via ENIP Packet Inspection
CVSS 5.8
CVE-2021-34864
HIGH
Parallels Desktop 16.1.3 - Privilege Escalation via WinAppHelper
CVSS 8.8
CVE-2021-21703
HIGH
PHP 7.3.x<=7.3.31 7.4.x<7.4.25 8.0.x<8.0.12 - Privilege Escalation via FPM Shared Memory
CVSS 7.8
CVE-2021-38457
CRITICAL
versiondog < 8.0.0 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2021-24752
MEDIUM
CatchThemes Plugins - Authenticated Improper Access Control via ctp_switch AJAX Action
CVSS 5.7
CVE-2021-38454
CRITICAL
Moxa MXview <3.2.2 - Path Traversal
CVSS 10.0
CVE-2021-28129
HIGH
Apache OpenOffice <4.1.8 - Info Disclosure
CVSS 7.8
CVE-2021-38392
MEDIUM
Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor 3120 - Improper Access Control
CVSS 6.5
CVE-2021-3626
HIGH
Multipass < 1.7.0 - Unauthenticated Privilege Escalation via Localhost TCP Control Socket
CVSS 8.8
CVE-2021-41298
HIGH
ECOA BAS controller - Info Disclosure
CVSS 8.8
CVE-2021-20034
CRITICAL
SonicWall SMA 200/210/400/410/500v < 9.0.0.10-28sv - Unauthenticated Arbitrary File Deletion via Path Traversal Bypass
CVSS 9.1
CVE-2021-22941
CRITICAL
KEV
Citrix ShareFile <5.11.20 - Info Disclosure
CVSS 9.8
CVE-2021-34724
MEDIUM
Cisco IOS XE SD-WAN < 17.3.1a - Authenticated Privilege Escalation via Installer File Overwrite
CVSS 6.0
CVE-2021-34696
MEDIUM
Cisco IOS XE < 17.3.2 - Unauthenticated ACL Bypass via Non-CLI Configuration
CVSS 5.8
CVE-2021-1625
MEDIUM
Cisco IOS XE < 17.3.2 - Unauthenticated Traffic Classification Bypass via ICMP/UDP Responder Flows
CVSS 5.8
CVE-2021-1419
HIGH
Cisco Access Points - Authenticated Privilege Escalation via SSH Management File Operations
CVSS 7.8
CVE-2021-24635
MEDIUM
Visual Link Preview < 2.2.3 - Authenticated Improper Access Control via AJAX Actions
CVSS 5.4
CVE-2021-24583
MEDIUM
Timetable and Event Schedule WordPress Plugin < 2.4.2 - Improper Access Control in Timeslot Deletion
CVSS 4.3
CVE-2021-37183
MEDIUM
SINEMA Remote Connect Server < 3.0 SP2 - Unauthenticated Denial of Service via Send-to-Sleep Notifications
CVSS 6.5
CVE-2021-25463
MEDIUM
Samsung PENUP < 3.8.00.18 - Arbitrary Webpage Loading in WebView
CVSS 4.0
CVE-2021-35213
HIGH
Orion Platform <2020.2.5 - Privilege Escalation
CVSS 8.9
CVE-2021-35221
MEDIUM
SolarWinds Orion Platform ImportAlert - Access Control Remote Code Execution
CVSS 6.3