CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,319 vulnerabilities with CWE-284
CVE-2021-24781 MEDIUM
Image Source Control <2.3.1 - Info Disclosure
CVSS 4.3
CVE-2021-41194 CRITICAL
JupyterHub <1.0.0 - Privilege Escalation
CVSS 9.1
CVE-2021-34794 MEDIUM
Cisco ASA and FTD - Unauthenticated SNMPv3 Access Control Bypass
CVSS 5.3
CVE-2021-34754 MEDIUM
Cisco Firepower Threat Defense - Unauthenticated Access Control Bypass via ENIP Packet Inspection
CVSS 5.8
CVE-2021-34864 HIGH
Parallels Desktop 16.1.3 - Privilege Escalation via WinAppHelper
CVSS 8.8
CVE-2021-21703 HIGH
PHP 7.3.x <= 7.3.31, 7.4.x < 7.4.25, 8.0.x < 8.0.12 - Privilege Escalation via FPM Shared Memory
CVSS 7.8
CVE-2021-38457 CRITICAL
versiondog < 8.0.0 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2021-24752 MEDIUM
CatchThemes Plugins - Authenticated Improper Access Control via ctp_switch AJAX Action
CVSS 5.7
CVE-2021-38454 CRITICAL
Moxa MXview <3.2.2 - Path Traversal
CVSS 10.0
CVE-2021-28129 HIGH
Apache OpenOffice <4.1.8 - Info Disclosure
CVSS 7.8
CVE-2021-38392 MEDIUM
Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor 3120 - Improper Access Control
CVSS 6.5
CVE-2021-3626 HIGH
Multipass < 1.7.0 - Unauthenticated Privilege Escalation via Localhost TCP Control Socket
CVSS 8.8
CVE-2021-41298 HIGH
ECOA BAS controller - Info Disclosure
CVSS 8.8
CVE-2021-20034 CRITICAL
SonicWall SMA 200/210/400/410/500v < 9.0.0.10-28sv - Unauthenticated Arbitrary File Deletion via Path Traversal Bypass
CVSS 9.1
CVE-2021-22941 CRITICAL KEV
Citrix ShareFile <5.11.20 - Info Disclosure
CVSS 9.8
CVE-2021-34724 MEDIUM
Cisco IOS XE SD-WAN < 17.3.1a - Authenticated Privilege Escalation via Installer File Overwrite
CVSS 6.0
CVE-2021-34696 MEDIUM
Cisco IOS XE < 17.3.2 - Unauthenticated ACL Bypass via Non-CLI Configuration
CVSS 5.8
CVE-2021-1625 MEDIUM
Cisco IOS XE < 17.3.2 - Unauthenticated Traffic Classification Bypass via ICMP/UDP Responder Flows
CVSS 5.8
CVE-2021-1419 HIGH
Cisco Access Points - Authenticated Privilege Escalation via SSH Management File Operations
CVSS 7.8
CVE-2021-24635 MEDIUM
Visual Link Preview < 2.2.3 - Authenticated Improper Access Control via AJAX Actions
CVSS 5.4
CVE-2021-24583 MEDIUM
Timetable and Event Schedule WordPress Plugin < 2.4.2 - Improper Access Control in Timeslot Deletion
CVSS 4.3
CVE-2021-37183 MEDIUM
SINEMA Remote Connect Server < 3.0 SP2 - Unauthenticated Denial of Service via Send-to-Sleep Notifications
CVSS 6.5
CVE-2021-25463 MEDIUM
Samsung PENUP < 3.8.00.18 - Arbitrary Webpage Loading in WebView
CVSS 4.0
CVE-2021-35213 HIGH
Orion Platform <2020.2.5 - Privilege Escalation
CVSS 8.9
CVE-2021-35221 MEDIUM
SolarWinds Orion Platform ImportAlert - Access Control Remote Code Execution
CVSS 6.3