CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,331 vulnerabilities with CWE-284
CVE-2019-6554
HIGH
Advantech WebAccess < 8.3.5 - Denial of Service via Improper Access Control
CVSS 7.5
CVE-2019-7475
CRITICAL
SonicWall <5.9.1.10, <6.2.7.3-6.5.3.1 - Info Disclosure
CVSS 9.8
CVE-2019-1759
MEDIUM
Cisco IOS XE - Unauthenticated Access Control Bypass via Gigabit Ethernet Management Interface
CVSS 5.3
CVE-2019-6538
CRITICAL
Medtronic MyCareLink Monitor 24950 and 24952 - Unauthenticated Improper Access Control via Conexus Telemetry Protocol
CVSS 9.3
CVE-2019-7611
HIGH
Elasticsearch <5.6.15, 6.6.1 - Privilege Escalation
CVSS 8.1
CVE-2019-1763
HIGH
Cisco IP Phone 8800 Series <11.0(5)/<12.5(1)SR1 - Auth Bypass & DoS via URL Sanitization
CVSS 7.5
CVE-2019-1690
MEDIUM
Cisco APIC < 4.2(0.21c) - Unauthenticated Access Control Bypass via IPv6
CVSS 6.5
CVE-2019-1601
HIGH
Cisco NX-OS < 8.3(1) - Authenticated Improper Access Control in Filesystem Permissions
CVSS 7.8
CVE-2019-3779
HIGH
Cloud Foundry Container Runtime < 0.29.0 - Privilege Escalation via Kubernetes CSR Certificate Authority
CVSS 8.8
CVE-2019-6520
HIGH
Moxa IKS-G6824A Firmware < 4.5 and EDS-405A/408A/510A Firmware < 3.8 - Improper Access Control
CVSS 7.5
CVE-2019-1666
MEDIUM
Cisco HyperFlex HX Data Platform < 3.5(2a) - Unauthenticated Data Retrieval via Graphite Service
CVSS 5.3
CVE-2019-1664
HIGH
Cisco HyperFlex HX Data Platform < 3.5(2a) - Unauthenticated Privilege Escalation via hxterm Service
CVSS 7.8
CVE-2019-1660
MEDIUM
Cisco TelePresence Management Suite - Unauthenticated Improper Access Control via SOAP Interface
CVSS 5.3
CVE-2019-6517
MEDIUM
BD FACSLyric and FACSLyric IVD - Improper Access Control
CVSS 6.8
CVE-2019-1653
HIGH
KEV
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
CVSS 7.5
CVE-2019-1647
HIGH
Cisco SD-WAN < 18.4.0 - Authenticated Improper Access Control
CVSS 8.0
CVE-2018-25093
MEDIUM
Vaerys-Dawn DiscordSailv2 <2.10.3 - Improper Access Controls
CVSS 5.5
CVE-2018-25092
MEDIUM
Vaerys-Dawn DiscordSailv2 <2.10.3 - Improper Access Controls
CVSS 5.5
CVE-2018-17559
HIGH
ABUS TVIP Firmware - Unauthenticated Video Stream Access via /video.mjpg
CVSS 7.5
CVE-2018-19945
CRITICAL
QNAP QTS 4.3.4-4.3.6 - Arbitrary File Rename via Path Traversal
CVSS 9.1
CVE-2018-15645
MEDIUM
Odoo < 12.0 - Authenticated Arbitrary Record Creation via Message Routing
CVSS 6.5
CVE-2018-15513
MEDIUM
totemomail 6.0.0 build 570 - Improper Access Control in Log Viewer
CVSS 5.3
CVE-2018-21007
CRITICAL
woo-confirmation-email < 3.2.0 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2018-20957
HIGH
Tapplock one+ Firmware < 2018-06-12 - Replay Attack via BLE Subsystem
CVSS 8.8
CVE-2018-20938
LOW
cPanel 67.9999.64-68.0.26 - Improper Access Control in WHM API addpkgext and delpkgext
CVSS 2.7