CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,331 vulnerabilities with CWE-284
CVE-2019-10166 HIGH
libvirtd <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10189 MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10188 MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10187 MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10161 HIGH
libvirtd <4.10.1-5.4.1 - Info Disclosure
CVSS 7.8
CVE-2019-5452 LOW
Nextcloud Android App < 3.6.2 - Improper Access Control via Thumbnail Content Provider
CVSS 2.4
CVE-2019-10138 HIGH
python-novajoin <1.1.1 - Privilege Escalation
CVSS 8.8
CVE-2019-10130 MEDIUM
PostgreSQL <11.3, 10.8, 9.6.13, 9.5.17 - Info Disclosure
CVSS 4.3
CVE-2019-9884 CRITICAL
eClass platform < ip.2.5.10.2.1 - Auth Bypass
CVSS 9.8
CVE-2019-3794 MEDIUM
Cloud Foundry UAA < 73.4.0 - Clickjacking via Missing X-FRAME-OPTIONS Header
CVSS 5.4
CVE-2019-10970 CRITICAL
Rockwell Automation PanelView 5510 Firmware < 4.003 - Unauthenticated Root Access via Boot-Up Exploit
CVSS 9.8
CVE-2019-1010316 HIGH
pyxtrlock < 0.3 - Incorrect Access Control
CVSS 7.8
CVE-2019-9886 HIGH
BroadLearning eClass <ip.2.5.10.2.1 - Info Disclosure
CVSS 7.5
CVE-2019-1890 MEDIUM
Cisco Nexus 9000 - Privilege Escalation
CVSS 6.5
CVE-2019-13028 HIGH
electronic_identification_cards_client < 3.1.2 (Windows) & < 3.0.3 (Linux) - RCE via Local Web Server
CVSS 8.8
CVE-2019-10964 HIGH
Medtronic MiniMed 508 and Paradigm Firmware - Improper Access Control via Wireless RF Communication
CVSS 7.1
CVE-2019-10175 MEDIUM
virt-cdi-cloner 1.4 - Privilege Escalation
CVSS 6.5
CVE-2019-1622 MEDIUM
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
CVSS 5.3
CVE-2019-1619 CRITICAL
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution via Improper Session Management
CVSS 9.8
CVE-2019-2729 CRITICAL
Oracle Communications Diameter Signaling Router - Unauthenticated Remote Code Execution via HTTP
CVSS 9.8
CVE-2019-10962 MEDIUM
BD Alaris Gateway Workstation Firmware <=1.1.6 - Unauthenticated Information Disclosure
CVSS 5.3
CVE-2019-10925 HIGH
SIMATIC MV400 family < V7.0.6 - Authenticated Privilege Escalation via Webserver Request
CVSS 7.1
CVE-2019-3895 HIGH
OpenStack Octavia < 0.9.0 - Unauthenticated Arbitrary Image Execution via Amphorae Spawning
CVSS 8.0
CVE-2019-3567 HIGH
osquery < 3.4.0 - Unauthenticated Privilege Escalation via Hard Link Attack on Extensions Load Path
CVSS 8.1
CVE-2019-11896 HIGH
Bosch Smart Home Controller <9.8.907 - Privilege Escalation
CVSS 7.1