CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,346 vulnerabilities with CWE-284
CVE-2014-0578
Adobe Flash Player < 13.0.0.302, 14.x-18.x < 18.0.0.203, < 11.2.202.481 - Same Origin Policy Bypass
CVE-2014-7810
Debian Linux < 6.0.44 - Improper Access Control
CVE-2014-2174
Cisco TelePresence <7.1 - Privilege Escalation
CVE-2014-9422
MIT Kerberos 5 <= 1.11.5, 1.12.x <= 1.12.2, 1.13.x < 1.13.1 - Authenticated Authorization Bypass via kadmind Principal
CVE-2014-8757
LG On-Screen Phone < 4.3.009 - Authentication Bypass
CVE-2014-6195
IBM Tivoli Storage Manager Backup-Archive Client 5.4-7.1.0 - Authentication Bypass in Data Protection for Lotus Domino
CVE-2014-8833
Apple OS X <10.10.2 - Info Disclosure
CVE-2014-8827
Apple OS X <10.10.2 - Info Disclosure
CVE-2014-9648
Google Chrome < 40.0.2214.91 - Denial of Service via Intent URL Navigation Interception
CVE-2014-9197
Schneider Electric ETG3000 - Info Disclosure
CVE-2014-9572
MantisBT <1.2.19 & <1.3.0-beta.2 - Info Disclosure
CVE-2014-1949
GTK+ <3.10.9 - Info Disclosure
CVE-2014-1449
Maxthon Cloud Browser < 4.1.5.2000 - Address Bar Spoofing via History API
CVE-2014-7193
Crumb plugin <3.0.0 - Info Disclosure
CVE-2014-5208
Yokogawa CENTUM CS 3000 and VP, Exaopc - Unauthenticated Arbitrary File Read and Write via BKBCopyD.exe
CVE-2014-6078
IBM Security Access Manager for Mobile 8.x and Web 7.x-8.x - Improper Access Control
CVE-2014-9388
MantisBT < 1.2.17 - Improper Access Control via Handler ID Parameter
CVE-2014-8632
Firefox < 34.0 and SeaMonkey < 2.31 - Improper Access Control via Structured-Clone and XrayWrapper Interaction
CVE-2014-8631
Mozilla Firefox <34.0 & SeaMonkey <2.31 - SSRF
CVE-2014-1589
Mozilla Firefox <34.0 & SeaMonkey <2.31 - XSS
CVE-2014-8680
ISC BIND 9.10.0-9.10.1 - Denial of Service via GeoIP Database Handling
CVE-2014-6319
Microsoft Exchange Server - Info Disclosure
CVE-2014-9117
MantisBT < 1.2.17 - CAPTCHA Bypass via Public Key Parameter
CVE-2014-9151
Services module 7.x-3.x < 7.x-3.10 - Unauthenticated Brute-Force Attack via Administrative Password
CVE-2014-6627
Aruba Networks ClearPass <6.3.5, <6.4 - RCE