CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,331 vulnerabilities with CWE-284
CVE-2019-6554 HIGH
Advantech WebAccess < 8.3.5 - Denial of Service via Improper Access Control
CVSS 7.5
CVE-2019-7475 CRITICAL
SonicWall <5.9.1.10, <6.2.7.3-6.5.3.1 - Info Disclosure
CVSS 9.8
CVE-2019-1759 MEDIUM
Cisco IOS XE - Unauthenticated Access Control Bypass via Gigabit Ethernet Management Interface
CVSS 5.3
CVE-2019-6538 CRITICAL
Medtronic MyCareLink Monitor 24950 and 24952 - Unauthenticated Improper Access Control via Conexus Telemetry Protocol
CVSS 9.3
CVE-2019-7611 HIGH
Elasticsearch <5.6.15, 6.6.1 - Privilege Escalation
CVSS 8.1
CVE-2019-1763 HIGH
Cisco IP Phone 8800 Series <11.0(5)/<12.5(1)SR1 - Auth Bypass & DoS via URL Sanitization
CVSS 7.5
CVE-2019-1690 MEDIUM
Cisco APIC < 4.2(0.21c) - Unauthenticated Access Control Bypass via IPv6
CVSS 6.5
CVE-2019-1601 HIGH
Cisco NX-OS < 8.3(1) - Authenticated Improper Access Control in Filesystem Permissions
CVSS 7.8
CVE-2019-3779 HIGH
Cloud Foundry Container Runtime < 0.29.0 - Privilege Escalation via Kubernetes CSR Certificate Authority
CVSS 8.8
CVE-2019-6520 HIGH
Moxa IKS-G6824A Firmware < 4.5 and EDS-405A/408A/510A Firmware < 3.8 - Improper Access Control
CVSS 7.5
CVE-2019-1666 MEDIUM
Cisco HyperFlex HX Data Platform < 3.5(2a) - Unauthenticated Data Retrieval via Graphite Service
CVSS 5.3
CVE-2019-1664 HIGH
Cisco HyperFlex HX Data Platform < 3.5(2a) - Unauthenticated Privilege Escalation via hxterm Service
CVSS 7.8
CVE-2019-1660 MEDIUM
Cisco TelePresence Management Suite - Unauthenticated Improper Access Control via SOAP Interface
CVSS 5.3
CVE-2019-6517 MEDIUM
BD FACSLyric and FACSLyric IVD - Improper Access Control
CVSS 6.8
CVE-2019-1653 HIGH KEV
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
CVSS 7.5
CVE-2019-1647 HIGH
Cisco SD-WAN < 18.4.0 - Authenticated Improper Access Control
CVSS 8.0
CVE-2018-25093 MEDIUM
Vaerys-Dawn DiscordSailv2 <2.10.3 - Improper Access Controls
CVSS 5.5
CVE-2018-25092 MEDIUM
Vaerys-Dawn DiscordSailv2 <2.10.3 - Improper Access Controls
CVSS 5.5
CVE-2018-17559 HIGH
ABUS TVIP Firmware - Unauthenticated Video Stream Access via /video.mjpg
CVSS 7.5
CVE-2018-19945 CRITICAL
QNAP QTS 4.3.4-4.3.6 - Arbitrary File Rename via Path Traversal
CVSS 9.1
CVE-2018-15645 MEDIUM
Odoo < 12.0 - Authenticated Arbitrary Record Creation via Message Routing
CVSS 6.5
CVE-2018-15513 MEDIUM
totemomail 6.0.0 build 570 - Improper Access Control in Log Viewer
CVSS 5.3
CVE-2018-21007 CRITICAL
woo-confirmation-email < 3.2.0 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2018-20957 HIGH
Tapplock one+ Firmware < 2018-06-12 - Replay Attack via BLE Subsystem
CVSS 8.8
CVE-2018-20938 LOW
cPanel 67.9999.64-68.0.26 - Improper Access Control in WHM API addpkgext and delpkgext
CVSS 2.7