CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2020-25634
MEDIUM
Red Hat 3scale < 2.10.0 - Unauthenticated Sensitive Information Exposure via API Docs URL
CVSS 5.4
CVE-2020-15279
MEDIUM
Bitdefender Endpoint Security Tools < 6.6.23.320 - Info Disclosure
CVSS 4.0
CVE-2020-36197
HIGH
QNAP Music Station < 5.3.16 - Improper Access Control
CVSS 7.1
CVE-2020-7038
HIGH
Avaya Equinox Conferencing 9.0.0-9.1.11 - Unauthenticated Access to Screen Sharing and Whiteboard Sessions
CVSS 7.5
CVE-2020-9668
HIGH
Adobe Genuine Service < 6.6 - Unauthenticated Privilege Escalation via Symbolic Link Handling
CVSS 7.8
CVE-2020-29020
CRITICAL
Secomea SiteManager < 9.4.620527004 - Improper Access Control in Web Service
CVSS 9.1
CVE-2020-8902
LOW
Rendertron < 3.0.0 - Server-Side Request Forgery via Headless Chrome Process
CVSS 3.5
CVE-2020-25238
HIGH
SIMATIC PCS neo < 3.1 and TIA Portal V15-V16 - Authenticated Privilege Escalation via File Manipulation
CVSS 7.8
CVE-2020-14312
MEDIUM
Fedora < 31 - Unauthenticated Distributed Denial of Service via Open DNS Resolver Configuration
CVSS 5.9
CVE-2020-27873
MEDIUM
NETGEAR AC2100 R7450 < 1.2.0.76 - Unauthenticated Sensitive Information Disclosure via SOAP API
CVSS 6.5
CVE-2020-2506
HIGH
KEV
QNAP Helpdesk < 3.0.3 - Improper Access Control
CVSS 7.3
CVE-2020-8275
MEDIUM
Citrix Secure Mail for Android < 20.11.0 - Info Disclosure
CVSS 4.3
CVE-2020-2504
MEDIUM
QNAP QES < 2.1.1 - Path Traversal in File Station
CVSS 5.8
CVE-2020-35497
MEDIUM
ovirt-engine < 4.4.3 - Authenticated Improper Access Control
CVSS 6.5
CVE-2020-10143
HIGH
Macrium Reflect < 7.3.5281 - Privilege Escalation via OpenSSL Configuration Path Manipulation
CVSS 7.8
CVE-2020-25629
HIGH
Moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Privilege Escalation via 'Log in as' Capability
CVSS 8.8
CVE-2020-7547
HIGH
EcoStruxure and SmartStruxure Power Monitoring and SCADA Software - Improper Access Control via Web Interface
CVSS 8.8
CVE-2020-7545
HIGH
EcoStruxure & SmartStruxure Power Monitoring/SCADA - Authenticated RCE via Web Access
CVSS 7.2
CVE-2020-25654
HIGH
Pacemaker < 1.1.23 - ACL Bypass via IPC Communication
CVSS 7.2
CVE-2020-7573
MEDIUM
EcoStruxure Building Operation WebReports 1.9-3.1 - Improper Access Control
CVSS 6.5
CVE-2020-7561
CRITICAL
Easergy T300 Firmware < 2.7 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2020-25701
MEDIUM
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control via Upload Course Tool
CVSS 5.3
CVE-2020-25698
HIGH
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control in Course Enrollment Restoration
CVSS 7.5
CVE-2020-8278
MEDIUM
Nextcloud Social < 0.3.1 - Info Disclosure
CVSS 5.3
CVE-2020-3482
MEDIUM
Cisco Expressway and TelePresence VCS < X12.6.3 - Unauthenticated Network Access Control Bypass via TURN Server
CVSS 6.5