CWE-284
5,079 CVEs • Abstraction: Pillar
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVEs (5,079)
| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | | | | | |
| NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | | | | | |
| An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not proper... | Selinc | Sel 3620 Firmware, Sel 3622 Firmware | May 13, 2026 | Aug 7, 2017 | N/A (v4), 10.0 CRITICAL (v3), 7.5 HIGH (v2) |
| Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, lead... | Arcadyan | Swisscom Internet Box Firmware | May 13, 2026 | Jun 29, 2017 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| elog 3.1.1 allows remote attackers to post data as any username in the logbook. | Elog Project, Fedoraproject | Elog, Fedora | May 13, 2026 | Jun 27, 2017 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | | | | | |
| The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notificati... | | | | | |
| stalin 0.11-5 allows local users to write to arbitrary files. | | | | | |
| Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | | | | | |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | | | | | |
| The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | | | | | |
| An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. T... | Cambium Networks | Epmp 1000 Firmware, Epmp 1000 Hotspot Firmware, Epmp 2000 Firmware, +1 more | May 13, 2026 | Jun 21, 2017 | N/A (v4), 6.8 MEDIUM (v3), 6.0 MEDIUM (v2) |
| In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | | | | | |
| In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | | | | | |
| In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | | | | | |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. | | | | | |
| In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. | | | | | |
| In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | | | | | |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | | | | | |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | | | | | |