CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,331 vulnerabilities with CWE-284
CVE-2017-15891
MEDIUM
Synology Calendar < 2.0.1-0242 - Authenticated Calendar Event Modification via SYNO.Cal.EventBase
CVSS 6.5
CVE-2017-12340
MEDIUM
Cisco NX-OS - Authenticated Bash Shell Access via Python Scripting Sandbox Escape
CVSS 4.2
CVE-2017-14031
HIGH
Trihedral VTScada <11.3.03 - Info Disclosure
CVSS 7.8
CVE-2017-12262
HIGH
Cisco APIC-EM - Privilege Escalation
CVSS 8.8
CVE-2017-8448
HIGH
Elastic X-Pack Alerting 5.0.0-5.6.0 - Improper Privilege Management via Watch Creation
CVSS 8.8
CVE-2017-8447
MEDIUM
Elastic X-Pack Security 5.3.0-5.5.2 - Improper Privilege Management
CVSS 6.5
CVE-2017-6866
MEDIUM
Siemens XHQ <4.7.1.3, <5.0.0.2 - Privilege Escalation
CVSS 6.5
CVE-2017-7928
CRITICAL
SEL-3620 and SEL-3622 Security Gateway R202-R204 - Improper Access Control via NAT Port Forwarding
CVSS 10.0
CVE-2017-7918
MEDIUM
Cambium Networks ePMP - Improper Access Control via SNMP Configuration Export
CVSS 6.8
CVE-2017-8438
HIGH
Elastic X-Pack Security 5.0.0-5.4.0 - Improper Privilege Management in run_as Functionality
CVSS 8.8
CVE-2017-6016
HIGH
LCDS LAquis SCADA < 4.1 - Authenticated Privilege Escalation via File Modification
CVSS 7.3
CVE-2016-10408
HIGH
Qualcomm 9206 LTE Modem Firmware - Denial of Service via Speculative Instruction Fetch
CVSS 8.4
CVE-2016-4427
HIGH
zulip < 1.3.12 - Unauthenticated Message Access via SSO
CVSS 7.5
CVE-2016-4426
MEDIUM
zulip < 1.3.12 - Unauthenticated Bot API Key Exposure
CVSS 4.3
CVE-2016-10802
HIGH
cPanel 11.51.9999.98-11.52.6.2 - Remote Code Execution via PHP CGI Handler
CVSS 8.8
CVE-2016-10799
MEDIUM
cPanel 11.51.9999.98-11.52.6.2 - Improper Access Control via Pear tmp Directory
CVSS 5.5
CVE-2016-10792
HIGH
cPanel 11.51.9999.98-11.52.6.6 - Remote Code Execution via Mailman List Archives
CVSS 8.8
CVE-2016-10820
HIGH
cPanel 11.50.0.4-11.50.5.2 - Improper Access Control via Daemon TTY Access
CVSS 8.8
CVE-2016-10830
HIGH
cPanel 11.50.0.4-11.50.5.2 - Access Control Bypass via magic_revision
CVSS 8.1
CVE-2016-10838
MEDIUM
cPanel 11.48.0.5-11.48.5.2 - Arbitrary File Read via bin/fmq Script
CVSS 6.5
CVE-2016-10860
HIGH
cPanel 11.48.0.5-11.48.4.8 - Unauthenticated Zone Modification via WHM API
CVSS 8.1
CVE-2016-10857
MEDIUM
cPanel 11.48.0.5-11.48.4.8 - Improper Access Control
CVSS 6.5
CVE-2016-10856
MEDIUM
cPanel 11.48.0.5-11.48.4.8 - Sensitive Data Exposure via Comet Feeds
CVSS 6.5
CVE-2016-10852
MEDIUM
cPanel 11.48.0.5-11.48.5.2 - Improper Access Control in AppConfig Subsystem
CVSS 6.5
CVE-2016-1587
HIGH
snapweb < 0.21.2 - Unauthenticated Snap Package Installation and Removal
CVSS 7.1