CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,332 vulnerabilities with CWE-284
CVE-2016-9245 MEDIUM
F5 BIG-IP 12.1.0-12.1.2 - Denial of Service via Malicious HTTP Requests
CVSS 5.9
CVE-2016-6255 HIGH
Portable UPnP SDK <1.6.21 - Code Injection
CVSS 7.5
CVE-2016-8236 HIGH
Lenovo ThinkServer TSM < 3.77 - Unauthenticated Reset to Default Settings via Broadcast Storm
CVSS 7.5
CVE-2016-10065 HIGH
ImageMagick < 6.9.7-10 - Denial of Service via Crafted VIFF File
CVSS 7.8
CVE-2016-7408 HIGH
Dropbear SSH < 2016.73 - Remote Code Execution via dbclient -m or -c Argument
CVSS 8.8
CVE-2016-10193 CRITICAL
espeak-ruby < 1.0.3 - Remote Code Execution via Shell Metacharacter Injection
CVSS 9.8
CVE-2016-9818 MEDIUM
Xen through 4.7.x - Denial of Service via Asynchronous Abort Handling
CVSS 6.5
CVE-2016-9817 MEDIUM
Xen through 4.7.x - Denial of Service via ARM Guest Abort Handling
CVSS 6.5
CVE-2016-9816 MEDIUM
Xen through 4.7.x - Denial of Service via Asynchronous Abort at EL2
CVSS 6.5
CVE-2016-9815 MEDIUM
Xen through 4.7.x - Denial of Service via Asynchronous Abort
CVSS 6.5
CVE-2016-8986 MEDIUM
IBM WebSphere MQ 8.0 - Authenticated Denial of Service via HTTP Request
CVSS 6.5
CVE-2016-8915 MEDIUM
IBM WebSphere MQ 8.0 - Authenticated Denial of Service
CVSS 6.5
CVE-2016-9956 HIGH
Debian Linux < 2016.4.3 - Improper Access Control
CVSS 7.5
CVE-2016-9378 MEDIUM
Xen 4.5.x-4.7.x - Denial of Service via Software Interrupt Delivery
CVSS 5.5
CVE-2016-6077 MEDIUM
IBM Cognos Disclosure Mgmt <10.2 - Privilege Escalation
CVSS 5.3
CVE-2016-10223 MEDIUM
BigTree CMS < 4.2.14 - Cross-Site Scripting via Dashboard Module Integrity Check ID Parameter
CVSS 5.4
CVE-2016-9356 HIGH
Moxa DACenter <1.4 - Info Disclosure
CVSS 7.8
CVE-2016-5815 CRITICAL
Schneider Electric - Info Disclosure
CVSS 9.8
CVE-2016-5801 HIGH
OmniMetrix OmniView <1.2 - Info Disclosure
CVSS 7.5
CVE-2016-7565 CRITICAL
Exponent CMS 2.3.9 - Remote Code Execution via sc Array Parameter
CVSS 9.8
CVE-2016-2788 CRITICAL
MCollective 2.7.0 and 2.8.x < 2.8.9 - Remote Code Execution via mco ping Command
CVSS 9.8
CVE-2016-2787 MEDIUM
Puppet Enterprise 2015.3.x - Improper Access Control
CVSS 5.3
CVE-2016-10026 HIGH
ikiwiki 3.20161219 - Info Disclosure
CVSS 7.5
CVE-2016-9005 CRITICAL
IBM System Storage TS3100-TS3200 - Privilege Escalation
CVSS 9.8
CVE-2016-0308 MEDIUM
IBM Connections <= 5.5 - Improper Access Control
CVSS 4.3