CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,326 vulnerabilities with CWE-284
CVE-2019-5617
CRITICAL
Computing For Good's Basic Laboratory Information System < 3.4 - Unauthenticated Administrator Password Change
CVSS 10.0
CVE-2019-6144
MEDIUM
Forcepoint One Endpoint 19.04-19.08 - Authenticated DLP and Web Protection Bypass
CVSS 6.5
CVE-2019-15260
CRITICAL
Cisco Aironet 1540/1560/1800/2800/3800/4800 Firmware <8.5.151.0 - Privilege Escalation via URL Access Bypass
CVSS 9.8
CVE-2019-14838
MEDIUM
WildFly Core < 7.2.5.GA - Improper Access Control for Management Users
CVSS 4.9
CVE-2019-9531
CRITICAL
Cobham EXPLORER 710 <1.07 - Info Disclosure
CVSS 9.8
CVE-2019-9530
MEDIUM
Cobham EXPLORER 710 <1.07 - Info Disclosure
CVSS 5.5
CVE-2019-9529
MEDIUM
Cobham EXPLORER 710 - Info Disclosure
CVSS 5.5
CVE-2019-3653
MEDIUM
McAfee Endpoint Security < 10.6.1 - Unauthorized Access to Security Configuration via Configuration Tool
CVSS 4.6
CVE-2019-12670
MEDIUM
Cisco IOS XE - Authenticated Namespace Container Protection Bypass via Insufficient File Permissions
CVSS 6.7
CVE-2019-12648
HIGH
Cisco IOS - Authenticated Unauthorized Access to Guest OS via Incorrect RBAC Evaluation
CVSS 8.8
CVE-2019-15068
CRITICAL
Gigastone Smart Battery A4 Firmware <= r1.7.9 - Unauthenticated Administrator Password Reset
CVSS 9.8
CVE-2019-6810
HIGH
BMXNOR0200H Ethernet / Serial RTU module - Unauthenticated Command Execution via IEC 60870-5-104 Protocol
CVSS 8.8
CVE-2019-13919
MEDIUM
SINEMA Remote Connect Server < V2.0 SP1 - Info Disclosure
CVSS 4.3
CVE-2019-11899
HIGH
Bosch Access < 3.7 - Unauthenticated Sensitive Data Exposure via Windows SMB Protocol
CVSS 7.5
CVE-2019-13656
CRITICAL
CA Technologies Client Automation <14 - RCE
CVSS 9.8
CVE-2019-12627
HIGH
Cisco Firepower Threat Defense < 6.4.0.4 - Sensitive Data Exposure via Policy Misidentification
CVSS 7.5
CVE-2019-5036
HIGH
Nest Cam IQ Indoor Firmware 4620002 - Denial of Service via Weave Error Reporting
CVSS 7.5
CVE-2019-10938
CRITICAL
SIPROTEC 5 DIGSI Device Driver - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2019-10168
HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10167
HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10166
HIGH
libvirtd <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10189
MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10188
MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10187
MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10161
HIGH
libvirtd <4.10.1-5.4.1 - Info Disclosure
CVSS 7.8
Details
Vulnerabilities
5,326