CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,332 vulnerabilities with CWE-284
CVE-2016-9245
MEDIUM
F5 BIG-IP 12.1.0-12.1.2 - Denial of Service via Malicious HTTP Requests
CVSS 5.9
CVE-2016-6255
HIGH
Portable UPnP SDK <1.6.21 - Code Injection
CVSS 7.5
CVE-2016-8236
HIGH
Lenovo ThinkServer TSM < 3.77 - Unauthenticated Reset to Default Settings via Broadcast Storm
CVSS 7.5
CVE-2016-10065
HIGH
ImageMagick < 6.9.7-10 - Denial of Service via Crafted VIFF File
CVSS 7.8
CVE-2016-7408
HIGH
Dropbear SSH < 2016.73 - Remote Code Execution via dbclient -m or -c Argument
CVSS 8.8
CVE-2016-10193
CRITICAL
espeak-ruby < 1.0.3 - Remote Code Execution via Shell Metacharacter Injection
CVSS 9.8
CVE-2016-9818
MEDIUM
Xen through 4.7.x - Denial of Service via Asynchronous Abort Handling
CVSS 6.5
CVE-2016-9817
MEDIUM
Xen through 4.7.x - Denial of Service via ARM Guest Abort Handling
CVSS 6.5
CVE-2016-9816
MEDIUM
Xen through 4.7.x - Denial of Service via Asynchronous Abort at EL2
CVSS 6.5
CVE-2016-9815
MEDIUM
Xen through 4.7.x - Denial of Service via Asynchronous Abort
CVSS 6.5
CVE-2016-8986
MEDIUM
IBM WebSphere MQ 8.0 - Authenticated Denial of Service via HTTP Request
CVSS 6.5
CVE-2016-8915
MEDIUM
IBM WebSphere MQ 8.0 - Authenticated Denial of Service
CVSS 6.5
CVE-2016-9956
HIGH
Debian Linux < 2016.4.3 - Improper Access Control
CVSS 7.5
CVE-2016-9378
MEDIUM
Xen 4.5.x-4.7.x - Denial of Service via Software Interrupt Delivery
CVSS 5.5
CVE-2016-6077
MEDIUM
IBM Cognos Disclosure Mgmt <10.2 - Privilege Escalation
CVSS 5.3
CVE-2016-10223
MEDIUM
BigTree CMS < 4.2.14 - Cross-Site Scripting via Dashboard Module Integrity Check ID Parameter
CVSS 5.4
CVE-2016-9356
HIGH
Moxa DACenter <1.4 - Info Disclosure
CVSS 7.8
CVE-2016-5815
CRITICAL
Schneider Electric - Info Disclosure
CVSS 9.8
CVE-2016-5801
HIGH
OmniMetrix OmniView <1.2 - Info Disclosure
CVSS 7.5
CVE-2016-7565
CRITICAL
Exponent CMS 2.3.9 - Remote Code Execution via sc Array Parameter
CVSS 9.8
CVE-2016-2788
CRITICAL
MCollective 2.7.0 and 2.8.x < 2.8.9 - Remote Code Execution via mco ping Command
CVSS 9.8
CVE-2016-2787
MEDIUM
Puppet Enterprise 2015.3.x - Improper Access Control
CVSS 5.3
CVE-2016-10026
HIGH
ikiwiki 3.20161219 - Info Disclosure
CVSS 7.5
CVE-2016-9005
CRITICAL
IBM System Storage TS3100-TS3200 - Privilege Escalation
CVSS 9.8
CVE-2016-0308
MEDIUM
IBM Connections <= 5.5 - Improper Access Control
CVSS 4.3
Details
Vulnerabilities
5,332