CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,326 vulnerabilities with CWE-284
CVE-2020-3126 LOW
Cisco Webex Meetings Server - Authenticated Security Bypass via Multimedia Viewer Missing Warning Dialog
CVSS 3.0
CVE-2020-5302 HIGH
mh-wikibot < 2020-04-06 - Unauthenticated Privilege Escalation via Nickname Impersonation
CVSS 8.2
CVE-2020-8139 MEDIUM
Nextcloud Server <18.0.1-<16.0.9 - Info Disclosure
CVSS 6.5
CVE-2020-7253 MEDIUM
McAfee Agent < 5.6.4 - Local Self-Protection Bypass via masvc.exe Command-Line Utility
CVSS 5.7
CVE-2020-6971 HIGH
Emerson ValveLink 12.0.264-13.4.118 - Privilege Escalation via Insecure Configuration Parameters
CVSS 7.8
CVE-2020-5244 HIGH
BuddyPress < 5.1.2 - Unauthenticated Private User Data Exposure via REST API Endpoint
CVSS 8.0
CVE-2020-5242 HIGH
openHAB < 2.5.2 - Unauthenticated Remote Code Execution via REST API Binding Installation
CVSS 7.7
CVE-2020-8122 MEDIUM
Nextcloud Server <14.0.3 - Info Disclosure
CVSS 4.3
CVE-2020-8121 HIGH
Nextcloud Server <14.0.4 - Info Disclosure
CVSS 8.1
CVE-2020-3142 HIGH
Cisco Webex Meetings Suite/Cisco Webex Meetings Online - Info Discl...
CVSS 7.5
CVE-2020-1604 MEDIUM
Juniper Junos - Improper Access Control in IP Firewall Filter
CVSS 6.5
CVE-2019-20462 MEDIUM
Alecto IVM-100 2019-11-12 - Unauthenticated Sensitive Information Disclosure via Serial Interface
CVSS 5.3
CVE-2019-16640 HIGH
Ruijie EG-2000 series - File Upload
CVSS 7.5
CVE-2019-25157 MEDIUM
Ethex Contracts - Improper Access Controls
CVSS 4.3
CVE-2019-25060 MEDIUM
WPGraphQL < 0.3.5 - Unauthenticated User Role Information Disclosure via GraphQL Query
CVSS 5.3
CVE-2019-10200 HIGH
OpenShift Container Platform 4 - Privilege Escalation
CVSS 7.2
CVE-2019-10128 HIGH
PostgreSQL < 9.4.22 - Improper Access Control via Inherited ACL
CVSS 7.8
CVE-2019-10127 HIGH
PostgreSQL <11.3 - Privilege Escalation
CVSS 8.8
CVE-2019-20473 MEDIUM
TK-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656 - Improper Access Control via SIM PIN Bypass
CVSS 6.8
CVE-2019-20470 HIGH
TK-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656 - Unauthenticated SMS Command Injection via Default Password
CVSS 7.5
CVE-2019-11786 MEDIUM
Odoo Community and Enterprise <= 13.0 - Authenticated Improper Access Control
CVSS 4.3
CVE-2019-11785 MEDIUM
Odoo < 13.0 - Authenticated Improper Access Control in Mail Module Followers
CVSS 4.3
CVE-2019-11784 MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module Notifications
CVSS 6.5
CVE-2019-11783 MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module
CVSS 6.5
CVE-2019-11782 MEDIUM
Odoo Community and Enterprise <= 14.0 - Authenticated Privilege Escalation via Contact Management
CVSS 6.5