CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2015-1304
Google Chrome < 45.0.2454.93 - Same Origin Policy Bypass via Object.observe Method Calls
CVE-2015-5913
macOS < 10.10.5 - Remote Replay Attack via SMB Server Kerberos Authentication
CVE-2015-0141
IBM OpenPages GRC Platform 6.2-6.2.1.1, 7.0-7.1 - Authenticated Arbitrary User Filter Modification via JSON Request
CVE-2015-3860
Android < 5.1 - Lockscreen Bypass via Long Password Input
CVE-2015-3833
Android <5.1.1 - Privilege Escalation
CVE-2015-1541
Android <5.1.1 - Privilege Escalation
CVE-2015-6928
CubeCart 5.2.12-5.2.16 and 6.x < 6.0.7 - Unauthenticated Administrative Password Reset via Password Recovery Bypass
CVE-2015-7306
CMS Updater 7.x-1.x - Authenticated Improper Access Control
CVE-2015-5882
Apple iOS <9 - Privilege Escalation
CVE-2015-5861
Apple iOS <9 - Privilege Escalation
CVE-2015-5838
Apple iOS <9 - Privilege Escalation
CVE-2015-5826
Safari < 8.0.8 and iPhone OS < 8.4.1 - Same Origin Policy Bypass via CSS Content-Type Handling
CVE-2015-1173
Unit4 Polska TETA Web <22.62.3.4 - Privilege Escalation
CVE-2015-6675
Siemens RUGGEDCOM ROS 3.8.0-4.1.x - VLAN Isolation Bypass via IP Forwarding
CVE-2015-2534
Hyper-V in Windows 8.1, Windows Server 2012 R2, and Windows 10 - Security Feature Bypass via ACL Mismanagement
CVE-2015-2509
Windows Media Center - Remote Code Execution via Crafted MCL File
CVE-2015-4299
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) - Authenticated Improper Access Control
CVE-2015-4298
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) - Authenticated Improper Access Control
CVE-2015-4302
Cisco FireSIGHT Management Center 5.3.1.4 - Unauthenticated Arbitrary System Policy Deletion via POST Request
CVE-2015-5512
Drupal me aliases module <6.2.10, 7.1.2 - RCE
CVE-2015-5502
Drupal Storage API <7.x-1.8 - Info Disclosure
CVE-2015-0277
PicketLink < 2.6.0 - Unauthenticated Account Access via SAML AudienceRestriction Bypass
CVE-2015-5746
iPhone OS < 8.4.1 - Filesystem Access Restriction Bypass via AFC Symlink Mishandling
CVE-2015-3806
Apple iOS <8.4.1 & OS X <10.10.5 - Auth Bypass
CVE-2015-3757
Apple OS X <10.10.5 - Info Disclosure