CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,363 vulnerabilities with CWE-284
CVE-2014-9648
Google Chrome < 40.0.2214.91 - Denial of Service via Intent URL Navigation Interception
CVE-2014-9197
Schneider Electric ETG3000 - Info Disclosure
CVE-2014-9572
MantisBT <1.2.19 & <1.3.0-beta.2 - Info Disclosure
CVE-2014-1949
GTK+ <3.10.9 - Info Disclosure
CVE-2014-1449
Maxthon Cloud Browser < 4.1.5.2000 - Address Bar Spoofing via History API
CVE-2014-7193
Crumb plugin <3.0.0 - Info Disclosure
CVE-2014-5208
Yokogawa CENTUM CS 3000 and VP, Exaopc - Unauthenticated Arbitrary File Read and Write via BKBCopyD.exe
CVE-2014-6078
IBM Security Access Manager for Mobile 8.x and Web 7.x-8.x - Improper Access Control
CVE-2014-9388
MantisBT < 1.2.17 - Improper Access Control via Handler ID Parameter
CVE-2014-8632
Firefox < 34.0 and SeaMonkey < 2.31 - Improper Access Control via Structured-Clone and XrayWrapper Interaction
CVE-2014-8631
Mozilla Firefox <34.0 & SeaMonkey <2.31 - SSRF
CVE-2014-1589
Mozilla Firefox <34.0 & SeaMonkey <2.31 - XSS
CVE-2014-8680
ISC BIND 9.10.0-9.10.1 - Denial of Service via GeoIP Database Handling
CVE-2014-6319
Microsoft Exchange Server - Info Disclosure
CVE-2014-9117
MantisBT < 1.2.17 - CAPTCHA Bypass via Public Key Parameter
CVE-2014-9151
Services module 7.x-3.x < 7.x-3.10 - Unauthenticated Brute-Force Attack via Administrative Password
CVE-2014-6627
Aruba Networks ClearPass <6.3.5, <6.4 - RCE
CVE-2014-6626
Aruba Networks ClearPass <6.3.6 & <6.4.1 - Auth Bypass
CVE-2014-6625
Aruba Networks ClearPass <6.3.6, <6.4 - Privilege Escalation
CVE-2014-7905
Google Chrome < 39.0.2171.65 - Improper Access Control via URL Navigation
CVE-2014-6110
IBM Security Identity Manager 6.x < 6.0.0.3 IF14 - Unauthenticated Session Access via Improper Logout
CVE-2014-0228
Apache Hive <0.13.1 - Info Disclosure
CVE-2014-3120 HIGH KEV
Elasticsearch < 1.2 - Remote Code Execution via Dynamic Scripting
CVSS 8.1
CVE-2014-2365
Advantech WebAccess <7.2 - Info Disclosure
CVE-2013-5654 CRITICAL
Yingzhipython - Improper Access Control
CVSS 9.1