CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,331 vulnerabilities with CWE-284
CVE-2018-20930 MEDIUM
cPanel 61.9999.55-62.0.42 - .htaccess Restrictions Bypass via Htaccess Optimization
CVSS 6.5
CVE-2018-20890 MEDIUM
cPanel 69.9999.122-70.0.53 - Improper Access Control in Zone File Modification
CVSS 4.3
CVE-2018-13896 HIGH
Qualcomm Snapdragon Firmware - Improper Access Control in XBL_SEC Image Authentication
CVSS 7.8
CVE-2018-19588 HIGH
Alarm.com ADC-V522IR 0100b9 - Info Disclosure
CVSS 7.2
CVE-2018-17151 MEDIUM
InterSystems Cache <2017.2.2.865.0 - Privilege Escalation
CVSS 5.4
CVE-2018-11744 HIGH
Cloudera Manager < 5.16 - Improper Access Control
CVSS 8.1
CVE-2018-19576 HIGH
GitLab CE/EE <11.3.11-11.4.8-11.5.1 - Info Disclosure
CVSS 8.1
CVE-2018-19577 MEDIUM
GitLab CE/EE <11.3.11-11.5.1 - Info Disclosure
CVSS 5.3
CVE-2018-19496 MEDIUM
GitLab <11.3.11-11.5.1 - Privilege Escalation
CVSS 6.5
CVE-2018-19494 MEDIUM
GitLab <11.3.11-11.5.1 - Info Disclosure
CVSS 4.3
CVE-2018-14833 MEDIUM
Intuit Lacerte 2017 - Info Disclosure
CVSS 5.9
CVE-2018-14859 HIGH
Odoo Community <= 11.0 and Odoo Enterprise <= 11.0 - Authenticated Password Reset Token Hijacking
CVSS 8.1
CVE-2018-14864 MEDIUM
Odoo 9.0-11.0 Authenticated Arbitrary Web Script Injection via Asset Bundle
CVSS 6.5
CVE-2018-14863 HIGH
Odoo Community 8.0-11.0 and Odoo Enterprise 9.0-11.0 - Authenticated Improper Access Control via RPC Framework
CVSS 8.1
CVE-2018-14885 CRITICAL
Odoo Community 10.0-11.0 and Odoo Enterprise 10.0-11.0 - Unauthenticated Database Restore via Database Manager
CVSS 9.8
CVE-2018-14867 MEDIUM
Odoo Community 9.0-10.0 and Odoo Enterprise 9.0-10.0 - Improper Access Control in Portal Messaging System
CVSS 5.3
CVE-2018-16553 HIGH
Jspxcms 9.0.0 - Authenticated Remote Code Execution via URL Routing
CVSS 7.2
CVE-2018-17148 CRITICAL
Nagios XI < 5.5.4 - Insufficient Access Control in Configuration Snapshot Page
CVSS 9.8
CVE-2018-18958 MEDIUM
OPNsense 18.7.0-18.7.6 - Improper Access Control
CVSS 6.5
CVE-2018-10691 HIGH
Moxa AWK-3121 1.14 - Unauthenticated Information Disclosure via System Log Download
CVSS 7.5
CVE-2018-5264 MEDIUM
Ubiquiti UniFi 52 - Unauthenticated Access Control Bypass via Hotspot Free Time Parameter
CVSS 5.9
CVE-2018-5406 HIGH
Quest KACE Systems Management Appliance < 9.0.270 - Unauthenticated Privilege Escalation via CORS Misconfiguration
CVSS 8.8
CVE-2018-13895 HIGH
Qualcomm Multiple Chipsets - Improper Access Control in RCS App Content Providers
CVSS 7.8
CVE-2018-15640 HIGH
Odoo 10.0-12.0 - Authenticated Privilege Escalation in Helpdesk App
CVSS 8.8
CVE-2018-15631 MEDIUM
Odoo < 12.0 - Authenticated Arbitrary File Read via Discuss App RPC Request
CVSS 6.5