CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2021-1591
MEDIUM
Cisco NX-OS - Unauthenticated Access Control Bypass via EtherChannel Port Subscription
CVSS 5.8
CVE-2021-1583
MEDIUM
Cisco NX-OS - Authenticated Arbitrary File Read via Fabric Infrastructure Command
CVSS 4.4
CVE-2021-1581
MEDIUM
Cisco APIC < 3.2(10f) - Command Injection & File Upload via Web UI/API
CVSS 6.5
CVE-2021-1580
MEDIUM
Cisco APIC & Cloud APIC Command Injection & File Upload via Web UI/API
CVSS 6.5
CVE-2021-1577
CRITICAL
Cisco APIC/Cloud APIC Unauthenticated Arbitrary File Read/Write via API
CVSS 9.1
CVE-2021-25956
MEDIUM
Dolibarr 3.3.beta1_20121221-13.0.2 - Authenticated Account Takeover via User Login Rename
CVSS 4.7
CVE-2021-1113
MEDIUM
NVIDIA camera firmware - Privilege Escalation
CVSS 4.7
CVE-2021-25954
MEDIUM
Dolibarr 2.8.1-13.0.4 - Improper Access Control in Private Note Endpoint
CVSS 4.3
CVE-2021-24500
HIGH
Workreap < 2.2.2 - Insecure Direct Object Reference and CSRF via AJAX Actions
CVSS 8.1
CVE-2021-32002
MEDIUM
Secomea SiteManager < 9.5.621256022 - Unauthenticated Information Disclosure via Web Service
CVSS 4.3
CVE-2021-22920
MEDIUM
Citrix ADC/Gateway/SD-WAN - Phishing
CVSS 6.5
CVE-2021-25448
MEDIUM
Smart Touch Call <1.0.0.5 - Info Disclosure
CVSS 5.3
CVE-2021-25447
MEDIUM
SmartThings <1.7.67.25 - Info Disclosure
CVSS 5.3
CVE-2021-25446
MEDIUM
SmartThings <1.7.67.25 - Info Disclosure
CVSS 5.3
CVE-2021-1601
HIGH
Cisco Intersight Virtual Appliance - Unauthenticated Sensitive Internal Service Access via External Management Interface
CVSS 8.3
CVE-2021-1600
HIGH
Cisco Intersight Virtual Appliance - Unauthenticated Sensitive Internal Service Access via External Management Interface
CVSS 8.3
CVE-2021-25320
CRITICAL
Rancher <2.5.9, <2.4.16 - Privilege Escalation
CVSS 9.9
CVE-2021-32753
HIGH
EdgeX Foundry 1.0.0-2.0.0 - OAuth2 Token Brute-Force via Proxy User Credential Exposure
CVSS 8.3
CVE-2021-25440
HIGH
FactoryCameraFB <3.4.74 - Privilege Escalation
CVSS 7.8
CVE-2021-25439
LOW
Samsung Members <2.4.85.11-3.9.10.11 - Info Disclosure
CVSS 3.3
CVE-2021-25438
HIGH
Samsung Members <2.4.85.11-3.9.10.11 - Local File Inclusion
CVSS 7.8
CVE-2021-25431
MEDIUM
Cameralyzer <3.2.1041-<3.4.4210 - Info Disclosure
CVSS 5.5
CVE-2021-28809
CRITICAL
QNAP Hybrid Backup Sync < 3.0.210507 - Improper Access Control
CVSS 9.8
CVE-2021-32517
HIGH
QSAN Storage Manager < 3.3.3 - Improper Access Control in Share Link Download Function
CVSS 7.5
CVE-2021-32514
HIGH
QSAN Storage Manager < 3.3.3 - Improper Access Control in FirmwareUpgrade
CVSS 7.5