Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-19 | CVE-2019-10127 | Improper Access Control vulnerability in Postgresql. A vulnerability was found in postgresql versions 11.x prior to 11.3. | 8.8 |
2020-12-21 | CVE-2020-35497 | Improper Access Control vulnerability in multiple products. A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. | 6.5 |
2020-11-19 | CVE-2020-7561 | Improper Access Control vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7. A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | 9.8 |
2020-10-28 | CVE-2020-16261 | Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4. Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. | 6.8 |
2020-09-17 | CVE-2020-8028 | Improper Access Control vulnerability in Suse Salt-Netapi-Client 0.16.04.14.1/0.17.03.3.2. An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. | 9.3 |
2019-08-30 | CVE-2018-15513 | Improper Access Control vulnerability in Totemo Totemomail 6.0.0. Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | 5.3 |
2019-08-29 | CVE-2018-21007 | Improper Access Control vulnerability in Wisetr User Email Verification for Woocommerce. The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | 9.8 |
2019-08-22 | CVE-2015-9337 | Improper Access Control vulnerability in Cozmoslabs Profile Builder. The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | 7.5 |
2019-08-16 | CVE-2017-18543 | Improper Access Control vulnerability in Invite Anyone Project Invite Anyone. The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | 9.8 |
2019-08-08 | CVE-2018-20957 | Improper Access Control vulnerability in Tapplock One+ Firmware. The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | 8.8 |