CWE-284
5,077 CVEs • Abstraction: Pillar
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVEs (5,077)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS v4 | CVSS v3 | CVSS v2 |
|---|---|---|---|---|---|---|---|
| Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 b... | | | | | | | |
| A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via... | Mcafee | Application Control, Change Control | May 13, 2026 | Mar 14, 2017 | N/A | 5.5 MEDIUM | 2.1 LOW |
| A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Co... | Mcafee | Application Control, Change Control | May 13, 2026 | Mar 14, 2017 | N/A | 5.5 MEDIUM | 2.1 LOW |
| An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access fi... | Eaton | Xcomfort Ethernet Communication Interface | May 13, 2026 | Mar 14, 2017 | N/A | 7.5 HIGH | 5.0 MEDIUM |
| In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also... | F5 | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +7 more | May 13, 2026 | Mar 7, 2017 | N/A | 5.9 MEDIUM | 4.3 MEDIUM |
| Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | Debian, Libupnp Project | Debian Linux, Libupnp | May 13, 2026 | Mar 7, 2017 | N/A | 7.5 HIGH | 5.0 MEDIUM |
| Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | | | | | | | |
| The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | Imagemagick, Opensuse | Imagemagick, Leap | May 13, 2026 | Mar 3, 2017 | N/A | 7.8 HIGH | 6.8 MEDIUM |
| The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | Dropbear Ssh Project | Dropbear Ssh | May 13, 2026 | Mar 3, 2017 | N/A | 8.8 HIGH | 6.5 MEDIUM |
| The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | Espeak Ruby Project | Espeak Ruby | May 13, 2026 | Mar 3, 2017 | N/A | 9.8 CRITICAL | 7.5 HIGH |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | | | | | | | |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | | | | | | | |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | | | | | | | |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | | | | | | | |
| IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. | | | | | | | |
| IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | | | | | | | |
| The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | Debian, Fedoraproject, Flightgear | Debian Linux, Fedora, Flightgear | May 13, 2026 | Feb 22, 2017 | N/A | 7.5 HIGH | 5.0 MEDIUM |
| Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an... | | | | | | | |
| IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | Ibm | Cognos Disclosure Management | May 13, 2026 | Feb 15, 2017 | N/A | 5.3 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-in... | | | | | | | |