Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,079)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-0110 1Ibm 2Business Process Manager Websphere Application Server May 13, 2026 Sep 15, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors...Show more IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.Show less
CVE-2015-3163 1Redhat 1Beaker May 13, 2026 Sep 6, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $B...Show more The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.Show less
CVE-2014-8677 1Soplanning 1Soplanning May 13, 2026 Aug 31, 2017 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, o...Show more The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.Show less
CVE-2016-8752 1Apache 1Atlas May 13, 2026 Aug 29, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
CVE-2015-4649 1Arubanetworks 1Clearpass May 13, 2026 Aug 29, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
CVE-2015-3657 1Arubanetworks 1Clearpass May 13, 2026 Aug 29, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
CVE-2015-3654 1Arubanetworks 1Clearpass May 13, 2026 Aug 29, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
CVE-2015-3653 1Arubanetworks 1Clearpass May 13, 2026 Aug 29, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of...Show more Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.Show less
CVE-2014-9513 1Debian 1Xbindkeys Config May 13, 2026 Aug 28, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.
CVE-2014-8168 1Redhat 1Satellite May 13, 2026 Aug 28, 2017 N/A· v4 6.1 MEDIUM· v3 4.6 MEDIUM· v2 Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2015-5293 1Redhat 1Enterprise Virtualization Manager May 13, 2026 Aug 24, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to...Show more Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.Show less
CVE-2016-10382 1Google 1Android May 13, 2026 Aug 18, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
CVE-2015-9064 1Google 1Android May 13, 2026 Aug 18, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
CVE-2015-9047 1Google 1Android May 13, 2026 Aug 18, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.
CVE-2015-9040 1Google 1Android May 13, 2026 Aug 18, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.
CVE-2015-2687 1Openstack 1Compute May 13, 2026 Aug 9, 2017 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
CVE-2017-6866 1Siemens 1Xhq Server May 13, 2026 Aug 7, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceedin...Show more A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.Show less
CVE-2014-9831 1Imagemagick 1Imagemagick May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
CVE-2014-9830 1Imagemagick 1Imagemagick May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
CVE-2014-9828 1Imagemagick 1Imagemagick May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.

Previous 1...212213214...254 Next