CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2015-3840
MEDIUM
Android < 5.1.1 - Unauthenticated SMS/MMS Status Manipulation via MessageStatusReceiver
CVSS 5.5
CVE-2015-9029
HIGH
Android - Improper Access Control in Modem Memory
CVSS 7.8
CVE-2015-9024
MEDIUM
Android - Improper Access Control in QTEE Application Interfaces
CVSS 5.5
CVE-2015-9021
MEDIUM
Android - Improper Access Control in SMEM Memory
CVSS 5.5
CVE-2015-2692
CRITICAL
AdBlock < 2.20.1 - Improper Access Control via Filter Injection
CVSS 10.0
CVE-2015-3295
MEDIUM
markdown-it < 4.1.0 - Improper Access Control via Data URL Handling
CVSS 5.3
CVE-2015-9006
HIGH
Android - Improper Access Control in Resource Power Manager
CVSS 7.8
CVE-2015-0104
HIGH
IBM Maximo and Tivoli Asset Management - Authenticated Remote Code Execution
CVSS 8.8
CVE-2015-8284
HIGH
SeaWell Networks Spectrum SDC <2.05.00 - Privilege Escalation
CVSS 8.8
CVE-2015-8275
MEDIUM
LVRTC eParakstitajs <3.0 - Code Injection
CVSS 5.5
CVE-2015-7265
HIGH
Facebook Proxygen before 2015-11-09 - Improper Access Control via HTTPMessage.request State Mismanagement
CVSS 7.5
CVE-2015-7263
HIGH
Facebook Proxygen before 2015-11-09 - Access Control Bypass via SPDY/2 Host Header
CVSS 7.5
CVE-2015-4624
HIGH
Hak5 WiFi Pineapple 2.0-2.3 - Predictable CSRF Token
CVSS 7.5
CVE-2015-8627
MEDIUM
MediaWiki < 1.23.12, 1.24.x < 1.24.5, 1.25.x < 1.25.4, 1.26.x < 1.26.1 - Zero-Padded IP Address Bypass
CVSS 5.3
CVE-2015-8987
MEDIUM
McAfee Agent < 4.8.0 - Man-in-the-Middle Attack via ePO Server Migration
CVSS 5.3
CVE-2015-8832
HIGH
dotclear < 2.8.1 - Authenticated Arbitrary PHP Code Execution via File Upload
CVSS 8.8
CVE-2015-6023
HIGH
NetCommWireless HSPA 3G10WVE - Auth Bypass
CVSS 7.3
CVE-2015-7494
LOW
IBM Cloud Orchestrator - Privilege Escalation
CVSS 2.8
CVE-2015-1976
MEDIUM
IBM Security Directory Server 6.0-6.0.0.76, 6.1, 6.2, 6.3.0.0-6.3.1.14, 6.4 - Authenticated DoS via Web Admin Tool
CVSS 5.5
CVE-2015-8973
HIGH
MyBB < 1.6.18 and 1.8.x < 1.8.6 and Merge System < 1.8.6 - Unauthenticated Access Control Bypass via Forum Password
CVSS 8.3
CVE-2015-8140
MEDIUM
ntp < 4.2.8 - Replay Attack via ntpq Protocol
CVSS 4.8
CVE-2015-8139
MEDIUM
ntp < 4.2.8p7 - Remote Peer Impersonation via Origin Timestamp Exposure
CVSS 5.3
CVE-2015-4594
CRITICAL
eClinicalWorks Population Health - Session Fixation
CVSS 9.8
CVE-2015-1000010
HIGH
simple-image-manipulator <1.0 - Info Disclosure
CVSS 7.5
CVE-2015-1000009
CRITICAL
Wordpress plugin google-adsense-and-hotel-booking v1.05 - SSRF
CVSS 9.1
Details
Vulnerabilities
5,345