CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,331 vulnerabilities with CWE-284
CVE-2017-18416
MEDIUM
cPanel < 56.0.52 - Arbitrary File Overwrite during Roundcube SQLite Schema Update
CVSS 5.5
CVE-2017-18404
LOW
cPanel < 62.0.35 - Unauthenticated Domain Data Deletion via .lock TLD
CVSS 3.1
CVE-2017-18403
MEDIUM
cPanel 61.9999.55-61.9999.9999 - Remote Code Execution via Mailman Archives
CVSS 6.3
CVE-2017-18385
MEDIUM
cPanel 61.9999.55-62.0.35 - Unauthenticated Improper Access Control during Account Restore
CVSS 5.5
CVE-2017-18384
LOW
cPanel 61.9999.55-61.9999.9999 - Improper Access Control via Jailed Account File Restore
CVSS 3.8
CVE-2017-18380
HIGH
edx-platform < 2017-08-03 - Password Reset Link Manipulation
CVSS 7.5
CVE-2017-10721
MEDIUM
Shekar Endoscope Camera Firmware - Unauthenticated Telnet Access
CVSS 6.5
CVE-2017-11365
CRITICAL
Symfony 2.7.30-2.7.31, 2.8.23, 3.2.10, 3.3.3 - Improper Access Control in Password Validator
CVSS 9.8
CVE-2017-5212
CRITICAL
Open-Xchange GmbH OX App Suite 7.8.3 - Info Disclosure
CVSS 9.8
CVE-2017-8340
HIGH
Open-xchange Appsuite < 7.8.3 - Improper Access Control
CVSS 8.8
CVE-2017-6912
HIGH
Open-Xchange GmbH OX App Suite <7.8.3 - Info Disclosure
CVSS 8.8
CVE-2017-5863
CRITICAL
Open-Xchange AppSuite < 7.8.3 - Improper Access Control
CVSS 9.8
CVE-2017-7912
CRITICAL
Hanwha Techwin SRN-4000 Firmware < 2.16_170401 - Unauthenticated Admin Access via Crafted HTTP Request
CVSS 9.8
CVE-2017-9626
CRITICAL
Marel Food Processing Systems Pluto - Unauthenticated RCE
CVSS 9.8
CVE-2017-7497
MEDIUM
Red Hat CloudForms Management Engine - Improper Access Control in Cloud Volume Creation Dialog
CVSS 4.1
CVE-2017-12171
MEDIUM
Red Hat Enterprise Linux 6.9 - Info Disclosure
CVSS 6.5
CVE-2017-2664
MEDIUM
CloudForms Management Engine < 5.7.3 and 5.8.x < 5.8.1 - Privilege Escalation via Unprotected Rails Application Methods
CVSS 6.5
CVE-2017-18101
MEDIUM
Atlassian JIRA <7.6.5, 7.7.0-7.7.3, 7.8.0-7.8.3 - Unauthenticated Import Execution
CVSS 6.5
CVE-2017-9285
MEDIUM
NetIQ eDirectory <9.0 SP4 - Privilege Escalation
CVSS 5.4
CVE-2017-12191
HIGH
Red Hat CloudForms - Improper Access Control via VMware Shared Account
CVSS 7.4
CVE-2017-18035
MEDIUM
Atlassian Fisheye and Crucible < 4.5.1 - Unauthenticated Information Disclosure via Review Coverage Chart Endpoint
CVSS 4.3
CVE-2017-9513
MEDIUM
Atlassian Activity Streams <6.3.0 - Privilege Escalation
CVSS 5.4
CVE-2017-15131
HIGH
xdg-user-dirs < 0.15.5 - Improper Access Control via Umask Policy Bypass
CVSS 7.8
CVE-2017-16766
MEDIUM
Synology DSM <6.1.4-15217, <6.0.3-8754-6 - XSS
CVSS 6.5
CVE-2017-5254
HIGH
Cambium Networks ePMP <3.5 - Privilege Escalation
CVSS 8.8