CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,331 vulnerabilities with CWE-284
CVE-2018-12546 MEDIUM
Eclipse Mosquitto <1.5.5 - Info Disclosure
CVSS 6.5
CVE-2018-16838 MEDIUM
sssd - Improper Access Control via Group Policy Objects Permission Handling
CVSS 5.4
CVE-2018-10612 CRITICAL
CODESYS Control V3 <3.5.14.0 - Info Disclosure
CVSS 9.8
CVE-2018-15459 MEDIUM
Cisco Identity Services Engine - Authenticated Privilege Escalation via Administrative Web Interface
CVSS 6.5
CVE-2018-19634 HIGH
CA Service Desk Manager <17 - Info Disclosure
CVSS 7.5
CVE-2018-15466 MEDIUM
Cisco Policy Suite for Mobile - Unauthenticated Improper Access Control in Graphite Web Interface
CVSS 5.3
CVE-2018-0484 MEDIUM
Cisco IOS and IOS XE - Improper Access Control in SSH Server VRF Handling
CVSS 5.3
CVE-2018-13816 CRITICAL
TIM 1531 IRC Firmware < 2.0 - Unauthenticated Improper Access Control on Port 102/tcp
CVSS 10.0
CVE-2018-7364 CRITICAL
ZTE ZXIN10 < resv1.01.44 - Unauthenticated Remote Code Execution via devcomm Process
CVSS 9.8
CVE-2018-16476 HIGH
Rails < 4.2.11 - Improper Access Control
CVSS 7.5
CVE-2018-17953 HIGH
Linux-PAM 1.3.0 - Improper Access Control via Incorrect Variable in pam_access Rule Matching
CVSS 7.5
CVE-2018-7362 HIGH
ZTE ZXHN F670 Firmware < 1.1.10p3t18 - Unauthenticated Improper Access Control
CVSS 7.5
CVE-2018-15394 CRITICAL
Cisco Stealthwatch Enterprise - Auth Bypass
CVSS 9.8
CVE-2018-17931 MEDIUM
VGo Robot Firmware < 3.0.3.52164 - Unauthenticated Code Execution via Script Alteration
CVSS 6.8
CVE-2018-16466 HIGH
Nextcloud Server <14.0.0-12.0.11 - Privilege Escalation
CVSS 8.1
CVE-2018-17908 HIGH
WebAccess <8.3.2 - Privilege Escalation
CVSS 7.8
CVE-2018-17921 HIGH
SAGA1-L8B Firmware < a0.10 - Unauthenticated Improper Access Control
CVSS 8.8
CVE-2018-15395 MEDIUM
Cisco Wireless LAN Controller - Privilege Escalation
CVSS 5.4
CVE-2018-15398 MEDIUM
Cisco ASA & FTD Software - Unauthenticated Access Control Bypass via Per-User-Override
CVSS 4.0
CVE-2018-15372 HIGH
Cisco IOS XE - Unauthenticated Authentication Bypass via MACsec MKA EAP-TLS
CVSS 8.1
CVE-2018-15371 MEDIUM
Cisco IOS XE - Authenticated Improper Access Control via Shell Access Request Mechanism
CVSS 6.7
CVE-2018-0447 MEDIUM
Cisco Email Security Appliance - Unauthenticated URL Filter Bypass via SPF Message Validation
CVSS 5.3
CVE-2018-0436 HIGH
Cisco Webex Teams < 10.6.0 - Authenticated Improper Access Control
CVSS 8.7
CVE-2018-14804 CRITICAL
Emerson AMS Device Manager <14 - RCE
CVSS 9.8
CVE-2018-15611 MEDIUM
Avaya Aura Communication Manager 6.3.0.1-6.3.16.9 & <7.1.3.1 - Privilege Escalation to Root
CVSS 6.3
Details
Vulnerabilities 5,331