CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,363 vulnerabilities with CWE-284
CVE-2013-2972
HIGH
IBM WebSphere Cast Iron 6.3 - Auth Bypass
CVSS 7.5
CVE-2013-6272
HIGH
Google Android 4.1.1-4.4.2 - Unauthenticated Phone Call and USSD Code Execution via NotificationBroadcastReceiver
CVSS 7.8
CVE-2013-6739
MEDIUM
IBM SPSS Modeler < 16.0.0.0 - Authenticated Access Control Bypass via SSO Token
CVSS 5.4
CVE-2013-4246
HIGH
Apache Subversion 1.8.x - Authenticated Repository Corruption via Packed Revision Properties
CVSS 8.8
CVE-2013-7461
MEDIUM
McAfee MCC <6.1.0 - Privilege Escalation
CVSS 5.5
CVE-2013-7460
MEDIUM
McAfee MAC <6.1.0 - Privilege Escalation
CVSS 5.5
CVE-2013-7293
ASUS WL-330NUL - Configuration Traffic Hijacking via DNS Hostname Misconfiguration
CVE-2013-4316
Apache Struts 2.0.0-2.3.15.1 - Dynamic Method Invocation
CVE-2013-2175
Debian Linux - Improper Access Control
CVE-2013-4213
Red Hat JBoss Enterprise Application Platform 6.1.0 - Remote Session Hijacking via EJB Client API
CVE-2013-2423
LOW
KEV
Oracle JRE - Improper Access Control
CVSS 3.7
CVE-2013-0422
CRITICAL
KEV
Oracle JDK 7 - Remote Code Execution via JMX MBean Instantiator and Reflection API
CVSS 9.8
CVE-2012-4380
HIGH
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - GlobalBlocking Extension IP Address Blocking Bypass
CVSS 7.5
CVE-2012-4379
MEDIUM
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - Clickjacking via Missing X-Frame-Options Header
CVSS 6.5
CVE-2012-6689
HIGH
Linux Kernel < 3.5.5 - Unauthenticated Netlink Message Spoofing via dst_pid Field
CVSS 7.8
CVE-2012-6442
HIGH
Rockwell Automation EtherNet/IP Firmware - Denial of Service via Unauthorized CIP Message
CVSS 7.5
CVE-2012-6439
Rockwell Automation ControlLogix Controllers - Improper Access Control
CVE-2012-6435
HIGH
Rockwell Automation ControlLogix and GuardLogix < 20 - Denial of Service via CIP Message to Port 2222 or 44818
CVSS 7.5
CVE-2012-6068
CRITICAL
CODESYS Runtime System 2.3.x-2.4.x - Unauthenticated Remote Code Execution via TCP Listener Service
CVSS 9.8
CVE-2012-5076
CRITICAL
KEV
Java Applet AverageRangeStatisticImpl Remote Code Execution
CVSS 9.8
CVE-2012-4681
CRITICAL
KEV
Java 7 Applet Remote Code Execution
CVSS 9.8
CVE-2012-2351
Mahara <1.4.2 - Auth Bypass
CVE-2012-1723
CRITICAL
KEV
Java Applet Field Bytecode Verifier Cache Remote Code Execution
CVSS 9.8
CVE-2012-2947
Asterisk Open Source <10.4.1 & Certified Asterisk <1.8.11-cert2 - DoS
CVE-2012-1327
Cisco IOS 12.3, 12.4, 15.0, 15.1 - Denial of Service via 802.11 Wireless Traffic