Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,081)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-10187 1Moodle 1Moodle Nov 21, 2024 Jul 31, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
CVE-2019-10161 2Canonical Redhat 5Enterprise Linux LibvirtUbuntu Linux+2 more Nov 21, 2024 Jul 30, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of...Show more It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.Show less
CVE-2019-5452 1Nextcloud 1Nextcloud Nov 21, 2024 Jul 30, 2019 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.
CVE-2019-10138 1Python 1Novajoin Nov 21, 2024 Jul 30, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to gen...Show more A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.Show less
CVE-2019-10130 2Opensuse Postgresql 2Leap Postgresql Nov 21, 2024 Jul 30, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Cert...Show more A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.Show less
CVE-2017-18380 1Edx 1Edx Platform Nov 21, 2024 Jul 30, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
CVE-2019-9884 1Eclass 1Eclass Ip Nov 21, 2024 Jul 25, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
CVE-2018-13896 1Qualcomm 36Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+33 more Nov 21, 2024 Jul 22, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna...Show more XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130Show less
CVE-2019-3794 1Pivotal Software 1Cloud Foundry Uaa Nov 21, 2024 Jul 18, 2019 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
CVE-2019-10970 1Rockwellautomation 1Panelview 5510 Firmware Nov 21, 2024 Jul 11, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelVie...Show more In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.Show less
CVE-2019-1010316 1Pyxtrlock Project 1Pyxtrlock Nov 21, 2024 Jul 11, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4.
CVE-2019-9886 1Eclass 1Eclass Ip Nov 21, 2024 Jul 11, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.
CVE-2018-19588 1Alarm 1Adc V522ir Firmware Nov 21, 2024 Jul 11, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control.
CVE-2018-17151 1Intersystems 1Cache Nov 21, 2024 Jul 11, 2019 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control.
CVE-2018-11744 1Cloudera 1Cloudera Manager Nov 21, 2024 Jul 11, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Cloudera Manager through 5.15 has Incorrect Access Control.
CVE-2018-19576 1Gitlab 1Gitlab Nov 21, 2024 Jul 10, 2019 N/A· v4 8.1 HIGH· v3 6.4 MEDIUM· v2 GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an i...Show more GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.Show less
CVE-2018-19577 1Gitlab 1Gitlab Nov 21, 2024 Jul 10, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace...Show more Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.Show less
CVE-2018-19496 1Gitlab 1Gitlab Nov 21, 2024 Jul 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with...Show more An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.Show less
CVE-2018-19494 1Gitlab 1Gitlab Nov 21, 2024 Jul 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view...Show more An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.Show less
CVE-2018-14833 1Intuit 1Lacerte Nov 21, 2024 Jul 9, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Intuit Lacerte 2017 has Incorrect Access Control.

Previous 1...201202203...255 Next