CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,344 vulnerabilities with CWE-284
CVE-2016-10124
HIGH
Linux Containers <2016-02-22 - Privilege Escalation
CVSS 8.6
CVE-2016-4307
MEDIUM
Kaspersky Internet Security KL1 - DoS
CVSS 5.5
CVE-2016-4305
MEDIUM
Kaspersky Internet Security KLIF - DoS
CVSS 5.5
CVE-2016-4304
MEDIUM
Kaspersky Internet Security KLIF - DoS
CVSS 5.5
CVE-2016-10030
HIGH
Slurm <15.08.13, 16.x <16.05.7, 17.x <17.02.0-pre4 - Code Injection
CVSS 8.1
CVE-2016-10105
CRITICAL
Piwigo < 2.8.3 - Unauthenticated Exposure of Sensitive Information via admin/plugin.php
CVSS 9.8
CVE-2016-10085
HIGH
Piwigo < 2.8.3 - Authenticated File Inclusion via admin/languages.php tab Parameter
CVSS 7.2
CVE-2016-10084
HIGH
Piwigo < 2.8.3 - Authenticated File Inclusion via mode Parameter
CVSS 7.2
CVE-2016-10082
CRITICAL
Serendipity <2.0.5 - File Inclusion
CVSS 9.8
CVE-2016-9877
CRITICAL
RabbitMQ 3.x < 3.5.8 and 3.6.x < 3.6.6 - Unauthenticated MQTT Connection Authentication Bypass
CVSS 9.8
CVE-2016-7967
HIGH
KMail < 5.3.0 - Improper Access Control via QWebEngine JavaScript Execution
CVSS 8.1
CVE-2016-5192
MEDIUM
Google Chrome < 54.0.2840.59 for Windows - Cross-Origin Restriction Bypass via TextTrackLoader Redirect
CVSS 6.5
CVE-2016-5189
MEDIUM
Google Chrome < 54.0.2840.59 - URL Spoofing via Blob URL Navigation
CVSS 6.5
CVE-2016-9951
MEDIUM
Apport < 2.20.3 - Unauthenticated Command Execution via Malicious Crash File
CVSS 6.5
CVE-2016-8824
HIGH
NVIDIA Windows GPU Display Driver - Privilege Escalation
CVSS 7.8
CVE-2016-8821
HIGH
NVIDIA Windows GPU Display Driver - Privilege Escalation
CVSS 7.8
CVE-2016-9838
HIGH
Joomla! < 3.6.4 - Improper Access Control via Registration Form Session Data
CVSS 7.5
CVE-2016-9565
CRITICAL
Nagios < 4.2.1 - Arbitrary File Read and Write via Spoofed RSS Feed Response
CVSS 9.8
CVE-2016-1000156
CRITICAL
mailcwp < 1.100 - Unauthenticated Remote File Upload
CVSS 9.8
CVE-2016-7952
HIGH
Fedora < 1.2.2 - Improper Access Control
CVSS 7.5
CVE-2016-7946
HIGH
X.org libXi < 1.7.7 - Denial of Service via Length Field Handling
CVSS 7.5
CVE-2016-9920
HIGH
Roundcube Webmail < 1.1.7 and 1.2.x < 1.2.3 - Authenticated Remote Code Execution via Sendmail Envelope-From Address
CVSS 7.5
CVE-2016-5341
MEDIUM
Android < 7.1.0 - Denial of Service via Spoofed GPS XTRA Data
CVSS 5.9
CVE-2016-9836
CRITICAL
Joomla! < 3.6.4 - Unauthenticated Arbitrary PHP File Upload via Alternative Extensions
CVSS 9.8
CVE-2016-9835
CRITICAL
Zikula Framework 1.3.x < 1.3.11 and 1.4.x < 1.4.4 - Directory Traversal & PHP Object Injection
CVSS 9.8