← Back
CWE-284

5,079 CVEs • Abstraction: Pillar

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

JSON object

Loading...

CVEs (5,079)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-4031
1Samsung
5Galaxy Note 3 Firmware
Galaxy S4 FirmwareGalaxy S4 Mini Firmware+2 more
May 13, 2026
Apr 13, 2017
N/A· v4
6.8 MEDIUM· v3
4.6 MEDIUM· v2
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUH...Show more
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.Show less
CVE-2016-4030
1Samsung
5Galaxy Note 3 Firmware
Galaxy S4 FirmwareGalaxy S4 Mini Firmware+2 more
May 13, 2026
Apr 13, 2017
N/A· v4
6.8 MEDIUM· v3
4.6 MEDIUM· v2
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUH...Show more
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.Show less
CVE-2016-6143
1Sap
1Hana
May 13, 2026
Apr 13, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.
CVE-2016-4800
1Eclipse
1Jetty
May 13, 2026
Apr 13, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certai...Show more
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.Show less
CVE-2015-8284
1Seawell Networks
1Spectrum Sdc
May 13, 2026
Apr 13, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVE-2016-1178
1Appleple
1A Blog Cms
May 13, 2026
Apr 12, 2017
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.
CVE-2016-6605
1Cloudera
1Cdh
May 13, 2026
Apr 10, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.
CVE-2016-5058
1Osram
1Lightify Pro
May 13, 2026
Apr 10, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.
CVE-2016-5054
1Osram
1Lightify Home
May 13, 2026
Apr 10, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.
CVE-2015-8275
1Eparaksts
2Edoc Libraries
Eparakstitajs 3
May 13, 2026
Apr 10, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.
CVE-2015-7265
1Proxygen Project
1Proxygen
May 13, 2026
Apr 10, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.
CVE-2015-7263
1Proxygen Project
1Proxygen
May 13, 2026
Apr 10, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.
CVE-2014-3930
1Lg Project
1Lg
May 13, 2026
Apr 3, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
CVE-2014-3929
1Lg Project
1Lg
May 13, 2026
Apr 3, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
CVE-2014-3928
1Lg Project
1Lg
May 13, 2026
Apr 3, 2017
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
CVE-2016-8798
1Huawei
1Usg5500 Firmware
May 13, 2026
Apr 2, 2017
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.
CVE-2016-8794
1Huawei
3Mate 8 Firmware
Mate S FirmwareP8 Firmware
May 13, 2026
Apr 2, 2017
N/A· v4
7.1 HIGH· v3
6.2 MEDIUM· v2
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C...Show more
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.Show less
CVE-2016-8793
1Huawei
3Mate 8 Firmware
Mate S FirmwareP8 Firmware
May 13, 2026
Apr 2, 2017
N/A· v4
6.7 MEDIUM· v3
6.2 MEDIUM· v2
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C...Show more
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.Show less
CVE-2016-8792
1Huawei
3Mate 8 Firmware
Mate S FirmwareP8 Firmware
May 13, 2026
Apr 2, 2017
N/A· v4
7.1 HIGH· v3
6.2 MEDIUM· v2
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C...Show more
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.Show less
CVE-2016-8791
1Huawei
3Mate 8 Firmware
Mate S FirmwareP8 Firmware
May 13, 2026
Apr 2, 2017
N/A· v4
7.1 HIGH· v3
6.2 MEDIUM· v2
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C...Show more
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.Show less