CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,331 vulnerabilities with CWE-284
CVE-2016-10042 HIGH
Arcadyan SLT-00 Star* <R7.7 - Auth Bypass
CVSS 7.5
CVE-2016-6342 HIGH
elog 3.1.1 - XSS
CVSS 7.5
CVE-2016-5414 HIGH
FreeIPA 4.4.0 - Improper Access Control
CVSS 7.5
CVE-2016-4383 HIGH
HPE Helion Openstack Glance - Info Disclosure
CVSS 8.4
CVE-2016-10335 MEDIUM
Android - Improper Access Control in libtomcrypt
CVSS 5.5
CVE-2016-10334 MEDIUM
Android - Improper Access Control in Dynamically-Protected DDR Region
CVSS 5.5
CVE-2016-10333 MEDIUM
Android - Improper Access Control via Sensitive System Call
CVSS 5.5
CVE-2016-7833 HIGH
Cybozu Dezie 8.0.0-8.1.1 - Improper Access Control
CVSS 7.5
CVE-2016-7824 HIGH
BUFFALO WNC01WH <= 1.0.0.8 - Authenticated Improper Access Control
CVSS 8.8
CVE-2016-7811 HIGH
Corega CG-WLR300NX <= 1.20 - Improper Access Control
CVSS 8.8
CVE-2016-7807 HIGH
I-O DATA WFS-SR01 Firmware <= 1.10 - Improper Access Control
CVSS 7.5
CVE-2016-7801 MEDIUM
Cybozu Garoon 3.0.0-4.2.2 - Unauthenticated To-Do Deletion via Access Control Bypass
CVSS 4.3
CVE-2016-4910 MEDIUM
Cybozu Garoon 3.0.0-4.2.2 - Authenticated Access Control Bypass via MultiReport Filter Deletion
CVSS 4.3
CVE-2016-4908 MEDIUM
Cybozu Garoon 3.0.0-4.2.2 - Authenticated Improper Access Control
CVSS 4.3
CVE-2016-6098 HIGH
IBM Tivoli Key Lifecycle Manager <2.7 - Info Disclosure
CVSS 8.1
CVE-2016-3112 HIGH
Pulp < 2.8.2-1 - Authenticated Privilege Escalation via World-Readable Consumer Private Key
CVSS 7.5
CVE-2016-3107 MEDIUM
Pulp < 2.8.2-1 - Unprotected Private Key Exposure in Node Certificate
CVSS 5.5
CVE-2016-6089 MEDIUM
IBM WebSphere MQ <9.0.2 - Privilege Escalation
CVSS 5.5
CVE-2016-0768 HIGH
PostgreSQL PL/Java >9.0 - Privilege Escalation
CVSS 7.5
CVE-2016-10237 HIGH
Android - Improper Access Control in Shared Content Protection Memory Handling
CVSS 7.8
CVE-2016-10370 HIGH
OxygenOS - Unauthenticated Signed OTA Image Exposure via HTTP
CVSS 7.5
CVE-2016-10369 HIGH
lxterminal < 0.3.0 - Denial of Service via Insecure /tmp Socket File
CVSS 7.8
CVE-2016-7054 HIGH
OpenSSL 1.1.0-1.1.0b - Denial of Service via CHACHA20-POLY1305 Cipher Payload Corruption
CVSS 7.5
CVE-2016-9976 HIGH
IBM Maximo Asset Management 7.1, 7.5, 7.6 - Remote Code Execution via Arbitrary File Inclusion
CVSS 8.4
CVE-2016-2930 HIGH
IBM BigFix Remote Control 9.1.3 - Unauthenticated Privilege Escalation
CVSS 7.5