CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2015-3155
Foreman < 1.8.0 - Session Cookie Secure Flag Not Set
CVE-2015-3213
Clutter < 1.16.0 - Lock Screen Bypass via Gesture Handling
CVE-2015-5960
Mozilla Firefox OS <2.2 - Privilege Escalation
CVE-2015-5623
WordPress < 4.2.3 - Authenticated Improper Access Control via Post Quickdraft Save
CVE-2015-3224
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
CVE-2015-2847
Honeywell Tuxedo Touch < 5.1.13.0_va - Improper Access Control via USERACCT Request Removal
CVE-2015-5464
Gemalto SafeNet Luna HSM - Auth Bypass
CVE-2015-1922
IBM DB2 9.7-10.5 - Authenticated Table Row Deletion via Data Movement
CVE-2015-4271
Cisco TelePresence TC - Unauthenticated Authentication Bypass via Multiple Request Parameters
CVE-2015-1763
Microsoft SQL Server 2008 SP3-SP4, 2008 R2 SP2-SP3, 2012 SP1-SP2, 2014 - Remote Code Execution via Uninitialized Memory
CVE-2015-1761
Microsoft SQL Server 2008-2014 Authenticated Privilege Escalation via Incorrect Pointer Cast
CVE-2015-3007
Juniper SRX Series - Privilege Escalation
CVE-2015-1936
IBM WebSphere Application Server 8.0.0-8.0.0.10 and 8.5-8.5.5.5 - Session Hijacking via JSESSIONID
CVE-2015-1927
IBM WebSphere Application Server 7.0.0-7.0.0.38, 8.0.0-8.0.0.10, 8.5-8.5.5.5 - Unauthenticated Privileged Access
CVE-2015-1961
IBM Business Process Manager 7.5.x-8.5.6.0 - Authenticated Arbitrary JavaScript Execution via REST API
CVE-2015-4526
EMC RecoverPoint for Virtual Machines 4.2 - Privilege Escalation via Boxmgmt CLI Bypass
CVE-2015-3650
VMware <10.0.7-11.1.1 - Privilege Escalation
CVE-2015-5116
Adobe Flash Player < 13.0.0.289 and 14.x-18.x < 18.0.0.203 - Same Origin Policy Bypass
CVE-2015-3125
Adobe Flash Player <13.0.0.302 & 14.x-18.x - Auth Bypass
CVE-2015-3116
Adobe Flash Player <13.0.0.302 & 14.x-18.x - Auth Bypass
CVE-2015-3115
Adobe Flash Player <13.0.0.302 & 14.x-18.x - Auth Bypass
CVE-2015-3114
Adobe Flash Player <13.0.0.302-18.0.0.203 - Auth Bypass
CVE-2015-4034
Samsung Galaxy S5 - Remote Code Execution via Crafted Parcelable Object
CVE-2015-3692
Apple Mac EFI <2015-001 - Local Privilege Escalation
CVE-2015-3691
Apple macOS X < 10.10.4 - Privilege Escalation via Monitor Control Command Set Kernel Extension
Details
Vulnerabilities 5,345