CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,326 vulnerabilities with CWE-284
CVE-2020-3126
LOW
Cisco Webex Meetings Server - Authenticated Security Bypass via Multimedia Viewer Missing Warning Dialog
CVSS 3.0
CVE-2020-5302
HIGH
mh-wikibot < 2020-04-06 - Unauthenticated Privilege Escalation via Nickname Impersonation
CVSS 8.2
CVE-2020-8139
MEDIUM
Nextcloud Server <18.0.1-<16.0.9 - Info Disclosure
CVSS 6.5
CVE-2020-7253
MEDIUM
McAfee Agent < 5.6.4 - Local Self-Protection Bypass via masvc.exe Command-Line Utility
CVSS 5.7
CVE-2020-6971
HIGH
Emerson ValveLink 12.0.264-13.4.118 - Privilege Escalation via Insecure Configuration Parameters
CVSS 7.8
CVE-2020-5244
HIGH
BuddyPress < 5.1.2 - Unauthenticated Private User Data Exposure via REST API Endpoint
CVSS 8.0
CVE-2020-5242
HIGH
openHAB < 2.5.2 - Unauthenticated Remote Code Execution via REST API Binding Installation
CVSS 7.7
CVE-2020-8122
MEDIUM
Nextcloud Server <14.0.3 - Info Disclosure
CVSS 4.3
CVE-2020-8121
HIGH
Nextcloud Server <14.0.4 - Info Disclosure
CVSS 8.1
CVE-2020-3142
HIGH
Cisco Webex Meetings Suite/Cisco Webex Meetings Online - Info Discl...
CVSS 7.5
CVE-2020-1604
MEDIUM
Juniper Junos - Improper Access Control in IP Firewall Filter
CVSS 6.5
CVE-2019-20462
MEDIUM
Alecto IVM-100 2019-11-12 - Unauthenticated Sensitive Information Disclosure via Serial Interface
CVSS 5.3
CVE-2019-16640
HIGH
Ruijie EG-2000 series - File Upload
CVSS 7.5
CVE-2019-25157
MEDIUM
Ethex Contracts - Improper Access Controls
CVSS 4.3
CVE-2019-25060
MEDIUM
WPGraphQL < 0.3.5 - Unauthenticated User Role Information Disclosure via GraphQL Query
CVSS 5.3
CVE-2019-10200
HIGH
OpenShift Container Platform 4 - Privilege Escalation
CVSS 7.2
CVE-2019-10128
HIGH
PostgreSQL < 9.4.22 - Improper Access Control via Inherited ACL
CVSS 7.8
CVE-2019-10127
HIGH
PostgreSQL <11.3 - Privilege Escalation
CVSS 8.8
CVE-2019-20473
MEDIUM
TK-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656 - Improper Access Control via SIM PIN Bypass
CVSS 6.8
CVE-2019-20470
HIGH
TK-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656 - Unauthenticated SMS Command Injection via Default Password
CVSS 7.5
CVE-2019-11786
MEDIUM
Odoo Community and Enterprise <= 13.0 - Authenticated Improper Access Control
CVSS 4.3
CVE-2019-11785
MEDIUM
Odoo < 13.0 - Authenticated Improper Access Control in Mail Module Followers
CVSS 4.3
CVE-2019-11784
MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module Notifications
CVSS 6.5
CVE-2019-11783
MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module
CVSS 6.5
CVE-2019-11782
MEDIUM
Odoo Community and Enterprise <= 14.0 - Authenticated Privilege Escalation via Contact Management
CVSS 6.5