CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,346 vulnerabilities with CWE-284
CVE-2015-2107
HP Operations Manager i Management Pack 1.x - Authenticated OS Command Execution
CVE-2015-0660
Cisco Virtual TelePresence Server Software - Unauthenticated OS Command Execution via Serial Port
CVE-2015-1631
Microsoft Exchange Server 2013 SP1-CU7 - Info Disclosure
CVE-2015-1464
RT <4.0.23, <4.2 - Session Hijacking
CVE-2015-0820
Opensuse < 35.0.1 - Improper Access Control
CVE-2015-0008
Microsoft Windows - Remote Code Execution via UNC Share Authentication Bypass
CVE-2015-0929
SerVision HVG Video Gateway Firmware < 2.2.26a77 - Unauthenticated Administrative Access via time.htm Cookie Bypass
CVE-2015-0926
Labtech < 55.170 - Privilege Escalation via World-Writable Root Scripts
CVE-2015-1376
Pixabay Images <2.4 - Code Injection
CVE-2015-1307
plasma-workspace <5.1.95 - Info Disclosure
CVE-2014-125054
MEDIUM
reddit-on-rails < 2014-12-19 - Improper Access Control in Vote Handler
CVSS 4.3
CVE-2014-8183
HIGH
Foreman 1.x.x < 1.15.6 - Improper Access Control via API Resource Name
CVSS 7.4
CVE-2014-0881
HIGH
IBM Integrated Management Module Firmware 1.00-3.56 - Improper Access Control in TPM Configuration
CVSS 7.4
CVE-2014-6109
MEDIUM
IBM Security Identity Manager - Authenticated Information Disclosure via LDAP Query
CVSS 5.3
CVE-2014-10059
CRITICAL
Qualcomm MDM9615/9625, SD 210/212/205/400/800 - ATCMD Service Access Control Bypass
CVSS 9.8
CVE-2014-10053
CRITICAL
Qualcomm Multiple Chipsets Firmware - Improper Access Control in Widevine Secure Application
CVSS 9.8
CVE-2014-10050
CRITICAL
Qualcomm MSM8996/MSM8939/MSM8976/MSM8917/SDM845/SDM660 Firmware - Improper Access Control in RPMB
CVSS 9.8
CVE-2014-1400
MEDIUM
Entity API 7.x-1.x < 7.x-1.3 - Authenticated Access Control Bypass via Unpublished Comments
CVSS 6.5
CVE-2014-1399
MEDIUM
Entity API 7.x-1.x < 7.x-1.3 - Authenticated Access Control Bypass
CVSS 6.5
CVE-2014-1398
MEDIUM
Entity API 7.x-1.x < 7.x-1.3 - Authenticated Access Control Bypass
CVSS 6.5
CVE-2014-2048
CRITICAL
ownCloud Server <5.0.15 - Info Disclosure
CVSS 9.8
CVE-2014-2884
LOW
TrueCrypt 7.1a - Local Information Disclosure via IOCTL Calls
CVSS 3.3
CVE-2014-5279
HIGH
boot2docker < 1.2 - Unauthenticated Privilege Escalation via Docker Daemon TCP Connection
CVSS 8.8
CVE-2014-9504
HIGH
Open Atrium 7.x-2.0-7.x-2.25 - Improper Access Control in OG Subgroups Module
CVSS 7.5
CVE-2014-3519
MEDIUM
vzkernel < 042stab090.5 - Unauthorized File Access via open_by_handle_at
CVSS 6.5
Details
Vulnerabilities
5,346