CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2015-3854 HIGH
Android 5.x - Improper Access Control via PNW.stopSaver Broadcast Intent
CVSS 7.5
CVE-2015-8801 LOW
Symantec Endpoint Protection Manager < 12.1.6 - Local Restriction Bypass via USB Device Race Condition
CVSS 2.9
CVE-2015-7473 LOW
IBM WebSphere MQ <8.0.0.5 - Auth Bypass
CVSS 2.5
CVE-2015-8838 MEDIUM
PHP < 5.4.43, 5.5.x < 5.5.27, 5.6.x < 5.6.11 - Cleartext Downgrade Attack via MySQLnd SSL Option
CVSS 5.9
CVE-2015-5207 MEDIUM
Apache Cordova iOS <4.0.0 - Auth Bypass
CVSS 5.3
CVE-2015-6552 CRITICAL
Veritas NetBackup and NetBackup Appliance - Unauthenticated Remote Procedure Call Injection
CVSS 9.8
CVE-2015-6550 CRITICAL
Veritas NetBackup and NetBackup Appliance - Remote Code Execution via bpcd Crafted Input
CVSS 9.8
CVE-2015-8845 MEDIUM
Linux Kernel < 4.4 - Denial of Service via tm_reclaim_thread
CVSS 5.5
CVE-2015-5247 MEDIUM
libvirt 1.2.14-1.2.19 - Authenticated Denial of Service via virStorageVolCreateXML API
CVSS 6.5
CVE-2015-8550 HIGH
Xen - Denial of Service and Privilege Escalation via Double Fetch in PV Backend Memory
CVSS 8.2
CVE-2015-7545 CRITICAL
Git < 2.3.10, 2.4.x < 2.4.10, 2.5.x < 2.5.4, 2.6.x < 2.6.1 - Remote Code Execution via Remote Helper Protocols
CVSS 9.8
CVE-2015-8021 MEDIUM
F5 BIG-IP <11.2.1 HF11, 11.3.x, 11.4.0 - Auth Bypass
CVSS 4.3
CVE-2015-8681 HIGH
Huawei P8 and Mate S Firmware - Privilege Escalation via Ovisp Driver
CVSS 7.8
CVE-2015-8680 HIGH
Huawei P8 and Mate S - Privilege Escalation via Graphics Driver Interface
CVSS 7.8
CVE-2015-8679 MEDIUM
Huawei P8 and Mate S Firmware - Denial of Service via Maxim_smartpa_dev Driver
CVSS 5.5
CVE-2015-8307 HIGH
Huawei P8 and Mate S Firmware - Privilege Escalation and Denial of Service via Graphics Driver
CVSS 7.8
CVE-2015-8523 HIGH
IBM Tivoli Storage Manager FastBack <6.1.12.2 - DoS
CVSS 7.5
CVE-2015-7560 MEDIUM
Samba <4.1.23, <4.2.9, <4.3.6, <4.4.0rc4 - Privilege Escalation
CVSS 6.5
CVE-2015-7490 LOW
IBM InfoSphere Information Server <11.5 - Auth Bypass
CVSS 3.1
CVE-2015-7577 MEDIUM
Ruby on Rails 3.1.x-3.2.22, 4.0.x-4.1.14, 4.2.x-4.2.5, 5.x-beta1 - Improper Access Control via Nested Attributes
CVSS 5.3
CVE-2015-2008 MEDIUM
IBM QRadar SIEM 7.1.x-7.1 MR2 Patch 11 and 7.2.x-7.2.5 - Sensitive Information Exposure via Backup Archive
CVSS 4.4
CVE-2015-8361 CRITICAL
Atlassian Bamboo <5.9.9 & 5.10.x - Info Disclosure
CVSS 9.1
CVE-2015-6317 MEDIUM
Cisco Identity Services Engine < 2.0 - Authenticated Access Control Bypass via Direct Request
CVSS 6.5
CVE-2015-8512 MEDIUM
Mozilla Firefox OS <2.5 - Info Disclosure
CVSS 4.6
CVE-2015-6933 MEDIUM
VMware Player and Workstation - Improper Access Control in Shared Folders
CVSS 6.3
Details
Vulnerabilities 5,345