CWE-284
5,009 CVEs • Abstraction: Pillar
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVEs (5,009)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than...Show more |
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. |
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. |
7Apple CanonicalDebian+4 more8Curl Debian LinuxFedora+5 moreMay 6, 2026 Apr 24, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. |
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) ca...Show more |
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). |
1Cisco 1Adaptive Security Appliance Software May 6, 2026 Apr 13, 2015 N/A· v4 N/A· v3 8.3 HIGH· v2 The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows...Show more |
1Cisco 7Asr 9001 Asr 9006Asr 9010+4 moreMay 6, 2026 Apr 11, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an a...Show more |