CWE-284 (访问控制不恰当) — Vulnerability Class 2041

2041 vulnerabilities classified as CWE-284 (访问控制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-2429	Improper Access Control in thorsten/phpmyfaq — thorsten/phpmyfaq	5.4	-	2023-04-30
CVE-2023-25496	Lenovo Drivers Management 安全漏洞 — Lenovo Drivers Management	7.8	High	2023-04-28
CVE-2021-23203	Odoo 安全漏洞 — Odoo Community	7.5	High	2023-04-25
CVE-2021-44465	Odoo 安全漏洞 — Odoo Community	4.3	-	2023-04-25
CVE-2021-23178	Odoo 安全漏洞 — Odoo Community	5.3	-	2023-04-25
CVE-2021-44460	Odoo 安全漏洞 — Odoo Community	9.8	-	2023-04-25
CVE-2021-45111	Odoo 安全漏洞 — Odoo Community	8.8	-	2023-04-25
CVE-2021-23176	Odoo 安全漏洞 — Odoo Community	6.5	-	2023-04-25
CVE-2023-24512	On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. — Terminattr	8.8	High	2023-04-25
CVE-2023-2202	Improper Access Control in francoisjacquet/rosariosis — francoisjacquet/rosariosis	5.4	-	2023-04-21
CVE-2023-2112	Desktop component allows lateral movement between sessions — M-Files Desktop	3.6	Low	2023-04-20
CVE-2023-27350	PaperCut NG 访问控制错误漏洞 — NG	9.8	-	2023-04-20
CVE-2023-29513	Users can be created even when registration is disabled without validation via the template macro in xwiki-platform — xwiki-platform	5.0	Medium	2023-04-18
CVE-2023-30539	Users can set up workflows using restricted and invisible system tags in Nextcloud — security-advisories	6.5	Medium	2023-04-17
CVE-2023-2104	Improper Access Control in alextselegidis/easyappointments — alextselegidis/easyappointments	5.4	-	2023-04-15
CVE-2023-26406	ZDI-CAN-20712: Net.HTTP.request URL restriction bypass — Acrobat Reader	7.8	High	2023-04-12
CVE-2023-26408	ZDI-CAN-20712: AnnotsString Object prototype pollution Restrictions Bypass Vulnerability — Acrobat Reader	7.8	High	2023-04-12
CVE-2023-28312	Azure Machine Learning Information Disclosure Vulnerability — Azure Machine Learning	6.5	Medium	2023-04-11
CVE-2023-28246	Windows Registry Elevation of Privilege Vulnerability — Windows Server 2022	7.8	High	2023-04-11
CVE-2023-28300	Azure Service Connector Security Feature Bypass Vulnerability — Azure Service Connector	7.5	High	2023-04-11
CVE-2023-28808	Hikvision Hybrid SAN/Cluster Storage products 安全漏洞 — DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024D	9.1	Critical	2023-04-11
CVE-2023-28051	Dell Power Manager 安全漏洞 — Dell Power Manager (DPM)	7.8	High	2023-04-07
CVE-2023-1883	Improper Access Control in thorsten/phpmyfaq — thorsten/phpmyfaq	5.4	-	2023-04-05
CVE-2023-28845	Chat room membership disclosed via autocompletion in Nextcloud talk — security-advisories	3.5	Low	2023-03-31
CVE-2023-28844	User without download rights can download older version of that file in nextcloud server — security-advisories	5.7	Medium	2023-03-31
CVE-2023-28645	Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments — security-advisories	5.7	Medium	2023-03-31
CVE-2022-24972	TP-LINK TL-WR940N 访问控制错误漏洞 — TL-WR940N	6.5	-	2023-03-28
CVE-2023-1647	Improper Access Control in calcom/cal.com — calcom/cal.com	8.8	High	2023-03-27
CVE-2023-22250	Adobe Commerce Improper Access Control Security feature bypass — Magento Commerce	5.3	Medium	2023-03-27
CVE-2023-20065	Cisco IOS XE Software 安全漏洞 — Cisco IOS XE Software	7.8	High	2023-03-23

Vulnerabilities classified as CWE-284 (访问控制不恰当) represent 2041 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-284 (访问控制不恰当) — Vulnerability Class 2041