CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,331 vulnerabilities with CWE-284
CVE-2018-20930
MEDIUM
cPanel 61.9999.55-62.0.42 - .htaccess Restrictions Bypass via Htaccess Optimization
CVSS 6.5
CVE-2018-20890
MEDIUM
cPanel 69.9999.122-70.0.53 - Improper Access Control in Zone File Modification
CVSS 4.3
CVE-2018-13896
HIGH
Qualcomm Snapdragon Firmware - Improper Access Control in XBL_SEC Image Authentication
CVSS 7.8
CVE-2018-19588
HIGH
Alarm.com ADC-V522IR 0100b9 - Info Disclosure
CVSS 7.2
CVE-2018-17151
MEDIUM
InterSystems Cache <2017.2.2.865.0 - Privilege Escalation
CVSS 5.4
CVE-2018-11744
HIGH
Cloudera Manager < 5.16 - Improper Access Control
CVSS 8.1
CVE-2018-19576
HIGH
GitLab CE/EE <11.3.11-11.4.8-11.5.1 - Info Disclosure
CVSS 8.1
CVE-2018-19577
MEDIUM
GitLab CE/EE <11.3.11-11.5.1 - Info Disclosure
CVSS 5.3
CVE-2018-19496
MEDIUM
GitLab <11.3.11-11.5.1 - Privilege Escalation
CVSS 6.5
CVE-2018-19494
MEDIUM
GitLab <11.3.11-11.5.1 - Info Disclosure
CVSS 4.3
CVE-2018-14833
MEDIUM
Intuit Lacerte 2017 - Info Disclosure
CVSS 5.9
CVE-2018-14859
HIGH
Odoo Community <= 11.0 and Odoo Enterprise <= 11.0 - Authenticated Password Reset Token Hijacking
CVSS 8.1
CVE-2018-14864
MEDIUM
Odoo 9.0-11.0 - Authenticated Arbitrary Web Script Injection via Asset Bundle
CVSS 6.5
CVE-2018-14863
HIGH
Odoo Community 8.0-11.0 and Odoo Enterprise 9.0-11.0 - Authenticated Improper Access Control via RPC Framework
CVSS 8.1
CVE-2018-14885
CRITICAL
Odoo Community 10.0-11.0 and Odoo Enterprise 10.0-11.0 - Unauthenticated Database Restore via Database Manager
CVSS 9.8
CVE-2018-14867
MEDIUM
Odoo Community 9.0-10.0 and Odoo Enterprise 9.0-10.0 - Improper Access Control in Portal Messaging System
CVSS 5.3
CVE-2018-16553
HIGH
Jspxcms 9.0.0 - Authenticated Remote Code Execution via URL Routing
CVSS 7.2
CVE-2018-17148
CRITICAL
Nagios XI < 5.5.4 - Insufficient Access Control in Configuration Snapshot Page
CVSS 9.8
CVE-2018-18958
MEDIUM
OPNsense 18.7.0-18.7.6 - Improper Access Control
CVSS 6.5
CVE-2018-10691
HIGH
Moxa AWK-3121 1.14 - Unauthenticated Information Disclosure via System Log Download
CVSS 7.5
CVE-2018-5264
MEDIUM
Ubiquiti UniFi 52 - Unauthenticated Access Control Bypass via Hotspot Free Time Parameter
CVSS 5.9
CVE-2018-5406
HIGH
Quest KACE Systems Management Appliance < 9.0.270 - Unauthenticated Privilege Escalation via CORS Misconfiguration
CVSS 8.8
CVE-2018-13895
HIGH
Qualcomm Multiple Chipsets - Improper Access Control in RCS App Content Providers
CVSS 7.8
CVE-2018-15640
HIGH
Odoo 10.0-12.0 - Authenticated Privilege Escalation in Helpdesk App
CVSS 8.8
CVE-2018-15631
MEDIUM
Odoo < 12.0 - Authenticated Arbitrary File Read via Discuss App RPC Request
CVSS 6.5