CWE-284
5,077 CVEs • Abstraction: Pillar
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVEs (5,077)
| CVE (description) | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges... | | | | | |
| WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | | | | | |
| Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | | | | | |
| The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in oppo... | | | | | |
| The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | | | | | |
| IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | (1) Ibm | (8) Maximo Asset Management, Maximo For Government, Maximo For Life Sciences, +5 more | May 6, 2026 | Mar 14, 2016 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.0 MEDIUM |
| IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | | | | | |
| The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call t... | (3) Canonical, Debian, Samba | (3) Debian Linux, Samba, Ubuntu Linux | May 6, 2026 | Mar 13, 2016 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.0 MEDIUM |
| extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restricti... | | | | | |
| Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. | (1) Hp | (7) 1000 Series Firmware, 700 Series Firmware, 800 Series Firmware, +4 more | May 6, 2026 | Mar 4, 2016 | v4: N/A; v3: 7.9 HIGH; v2: 5.4 MEDIUM |
| IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie. | | | | | |
| Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minim... | (1) Schneider Electric | (2) Struxureware Building Operations Automation Server As P Firmware, Struxureware Building Operations Automation Server As Firmware | May 6, 2026 | Mar 2, 2016 | v4: N/A; v3: 7.2 HIGH; v2: 9.0 HIGH |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | | | | | |
| The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to... | (1) Advantech | (2) Vesp211 232 Firmware, Vesp211 Eu Firmware | May 6, 2026 | Feb 21, 2016 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH |
| activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly... | (1) Rubyonrails | (2) Rails, Ruby On Rails | May 6, 2026 | Feb 16, 2016 | v4: N/A; v3: 5.3 MEDIUM; v2: 5.0 MEDIUM |
| IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by readin... | (1) Ibm | (1) Qradar Security Information And Event Manager | May 6, 2026 | Feb 15, 2016 | v4: N/A; v3: 4.4 MEDIUM; v2: 3.5 LOW |
| The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malfor... | (1) Cisco | (1) Email Security Appliance Firmeware | May 6, 2026 | Feb 12, 2016 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM |
| Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects... | | | | | |
| Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agent... | | | | | |
| Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote a... | (5) Cisco, Samsung, Sun, +2 more | (5) Gs1900 10hp Firmware, Keymouse Firmware, Nx Os, +2 more | May 6, 2026 | Feb 7, 2016 | v4: N/A; v3: 8.8 HIGH; v2: 9.0 HIGH |