CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,346 vulnerabilities with CWE-284
CVE-2015-2107
HP Operations Manager i Management Pack 1.x - Authenticated OS Command Execution
CVE-2015-0660
Cisco Virtual TelePresence Server Software - Unauthenticated OS Command Execution via Serial Port
CVE-2015-1631
Microsoft Exchange Server 2013 SP1-CU7 - Info Disclosure
CVE-2015-1464
RT <4.0.23, <4.2 - Session Hijacking
CVE-2015-0820
Opensuse < 35.0.1 - Improper Access Control
CVE-2015-0008
Microsoft Windows - Remote Code Execution via UNC Share Authentication Bypass
CVE-2015-0929
SerVision HVG Video Gateway Firmware < 2.2.26a77 - Unauthenticated Administrative Access via time.htm Cookie Bypass
CVE-2015-0926
Labtech < 55.170 - Privilege Escalation via World-Writable Root Scripts
CVE-2015-1376
Pixabay Images <2.4 - Code Injection
CVE-2015-1307
plasma-workspace <5.1.95 - Info Disclosure
CVE-2014-125054 MEDIUM
reddit-on-rails < 2014-12-19 - Improper Access Control in Vote Handler
CVSS 4.3
CVE-2014-8183 HIGH
Foreman 1.x.x < 1.15.6 - Improper Access Control via API Resource Name
CVSS 7.4
CVE-2014-0881 HIGH
IBM Integrated Management Module Firmware 1.00-3.56 - Improper Access Control in TPM Configuration
CVSS 7.4
CVE-2014-6109 MEDIUM
IBM Security Identity Manager - Authenticated Information Disclosure via LDAP Query
CVSS 5.3
CVE-2014-10059 CRITICAL
Qualcomm MDM9615/9625, SD 210/212/205/400/800 - ATCMD Service Access Control Bypass
CVSS 9.8
CVE-2014-10053 CRITICAL
Qualcomm Multiple Chipsets Firmware - Improper Access Control in Widevine Secure Application
CVSS 9.8
CVE-2014-10050 CRITICAL
Qualcomm MSM8996/MSM8939/MSM8976/MSM8917/SDM845/SDM660 Firmware - Improper Access Control in RPMB
CVSS 9.8
CVE-2014-1400 MEDIUM
Entity API 7.x-1.x < 7.x-1.3 - Authenticated Access Control Bypass via Unpublished Comments
CVSS 6.5
CVE-2014-1399 MEDIUM
Entity API 7.x-1.x < 7.x-1.3 - Authenticated Access Control Bypass
CVSS 6.5
CVE-2014-1398 MEDIUM
Entity API 7.x-1.x < 7.x-1.3 - Authenticated Access Control Bypass
CVSS 6.5
CVE-2014-2048 CRITICAL
ownCloud Server <5.0.15 - Info Disclosure
CVSS 9.8
CVE-2014-2884 LOW
TrueCrypt 7.1a - Local Information Disclosure via IOCTL Calls
CVSS 3.3
CVE-2014-5279 HIGH
boot2docker < 1.2 - Unauthenticated Privilege Escalation via Docker Daemon TCP Connection
CVSS 8.8
CVE-2014-9504 HIGH
Open Atrium 7.x-2.0-7.x-2.25 - Improper Access Control in OG Subgroups Module
CVSS 7.5
CVE-2014-3519 MEDIUM
vzkernel < 042stab090.5 - Unauthorized File Access via open_by_handle_at
CVSS 6.5
Details
Vulnerabilities 5,346