Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2019-2729 Improper Access Control vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-284
critical
9.8
2019-06-19 CVE-2018-17148 Improper Access Control vulnerability in Nagios XI
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
network
low complexity
nagios CWE-284
critical
9.8
2019-06-17 CVE-2017-10721 Improper Access Control vulnerability in Ishekar Endoscope Camera Firmware
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default.
network
low complexity
ishekar CWE-284
6.5
2019-06-17 CVE-2018-18958 Improper Access Control vulnerability in Opnsense
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.
network
low complexity
opnsense CWE-284
6.5
2019-06-07 CVE-2018-10691 Improper Access Control vulnerability in Moxa Awk-3121 Firmware 1.14
An issue was discovered on Moxa AWK-3121 1.14 devices.
network
low complexity
moxa CWE-284
7.5
2019-06-07 CVE-2018-5264 Improper Access Control vulnerability in UI Unifi Firmware
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.
network
high complexity
ui CWE-284
5.9
2019-05-24 CVE-2018-13895 Improper Access Control vulnerability in Qualcomm products
Due to the missing permissions on several content providers of the RCS app in its android manifest file will lead to an unprivileged access to phone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20
local
low complexity
qualcomm CWE-284
7.8
2019-05-23 CVE-2017-11365 Improper Access Control vulnerability in Sensiolabs Symfony
Certain Symfony products are affected by: Incorrect Access Control.
network
low complexity
sensiolabs CWE-284
critical
9.8
2019-05-23 CVE-2017-5212 Improper Access Control vulnerability in Open-Xchange Appsuite 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
network
low complexity
open-xchange CWE-284
critical
9.8
2019-05-22 CVE-2017-8340 Improper Access Control vulnerability in Open-Xchange Appsuite
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
network
low complexity
open-xchange CWE-284
8.8