Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,081)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-18403 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
CVE-2019-10168 1Redhat 9Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Aug 2, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain....Show more The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.Show less
CVE-2019-10167 1Redhat 9Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Aug 2, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt wi...Show more The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.Show less
CVE-2019-10166 1Redhat 9Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Aug 2, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state fil...Show more It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.Show less
CVE-2017-18385 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
CVE-2017-18384 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 3.8 LOW· v3 2.1 LOW· v2 cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
CVE-2016-10820 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
CVE-2018-20938 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
CVE-2016-10830 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
CVE-2018-20930 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
CVE-2016-10838 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
CVE-2016-10860 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
CVE-2016-10857 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
CVE-2016-10856 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
CVE-2016-10852 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
CVE-2015-9291 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
CVE-2018-20890 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
CVE-2014-8183 2Redhat Theforeman 2Foreman Satellite Nov 21, 2024 Aug 1, 2019 N/A· v4 7.4 HIGH· v3 6.5 MEDIUM· v2 It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access reso...Show more It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.Show less
CVE-2019-10189 1Moodle 1Moodle Nov 21, 2024 Jul 31, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
CVE-2019-10188 1Moodle 1Moodle Nov 21, 2024 Jul 31, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.

Previous 1...200201202...255 Next