CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,331 vulnerabilities with CWE-284
CVE-2019-10166
HIGH
libvirtd <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10189
MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10188
MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10187
MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10161
HIGH
libvirtd <4.10.1-5.4.1 - Info Disclosure
CVSS 7.8
CVE-2019-5452
LOW
Nextcloud Android App < 3.6.2 - Improper Access Control via Thumbnail Content Provider
CVSS 2.4
CVE-2019-10138
HIGH
python-novajoin <1.1.1 - Privilege Escalation
CVSS 8.8
CVE-2019-10130
MEDIUM
PostgreSQL <11.3, 10.8, 9.6.13, 9.5.17 - Info Disclosure
CVSS 4.3
CVE-2019-9884
CRITICAL
eClass platform < ip.2.5.10.2.1 - Auth Bypass
CVSS 9.8
CVE-2019-3794
MEDIUM
Cloud Foundry UAA < 73.4.0 - Clickjacking via Missing X-FRAME-OPTIONS Header
CVSS 5.4
CVE-2019-10970
CRITICAL
Rockwell Automation PanelView 5510 Firmware < 4.003 - Unauthenticated Root Access via Boot-Up Exploit
CVSS 9.8
CVE-2019-1010316
HIGH
pyxtrlock < 0.3 - Incorrect Access Control
CVSS 7.8
CVE-2019-9886
HIGH
BroadLearning eClass <ip.2.5.10.2.1 - Info Disclosure
CVSS 7.5
CVE-2019-1890
MEDIUM
Cisco Nexus 9000 - Privilege Escalation
CVSS 6.5
CVE-2019-13028
HIGH
electronic_identification_cards_client < 3.1.2 (Windows) & < 3.0.3 (Linux) - RCE via Local Web Server
CVSS 8.8
CVE-2019-10964
HIGH
Medtronic MiniMed 508 and Paradigm Firmware - Improper Access Control via Wireless RF Communication
CVSS 7.1
CVE-2019-10175
MEDIUM
virt-cdi-cloner 1.4 - Privilege Escalation
CVSS 6.5
CVE-2019-1622
MEDIUM
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
CVSS 5.3
CVE-2019-1619
CRITICAL
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution via Improper Session Management
CVSS 9.8
CVE-2019-2729
CRITICAL
Oracle Communications Diameter Signaling Router - Unauthenticated Remote Code Execution via HTTP
CVSS 9.8
CVE-2019-10962
MEDIUM
BD Alaris Gateway Workstation Firmware <=1.1.6 - Unauthenticated Information Disclosure
CVSS 5.3
CVE-2019-10925
HIGH
SIMATIC MV400 family < V7.0.6 - Authenticated Privilege Escalation via Webserver Request
CVSS 7.1
CVE-2019-3895
HIGH
OpenStack Octavia < 0.9.0 - Unauthenticated Arbitrary Image Execution via Amphorae Spawning
CVSS 8.0
CVE-2019-3567
HIGH
osquery < 3.4.0 - Unauthenticated Privilege Escalation via Hard Link Attack on Extensions Load Path
CVSS 8.1
CVE-2019-11896
HIGH
Bosch Smart Home Controller <9.8.907 - Privilege Escalation
CVSS 7.1
Details
Vulnerabilities
5,331