CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,344 vulnerabilities with CWE-284
CVE-2016-10124 HIGH
Linux Containers <2016-02-22 - Privilege Escalation
CVSS 8.6
CVE-2016-4307 MEDIUM
Kaspersky Internet Security KL1 - DoS
CVSS 5.5
CVE-2016-4305 MEDIUM
Kaspersky Internet Security KLIF - DoS
CVSS 5.5
CVE-2016-4304 MEDIUM
Kaspersky Internet Security KLIF - DoS
CVSS 5.5
CVE-2016-10030 HIGH
Slurm <15.08.13, 16.x <16.05.7, 17.x <17.02.0-pre4 - Code Injection
CVSS 8.1
CVE-2016-10105 CRITICAL
Piwigo < 2.8.3 - Unauthenticated Exposure of Sensitive Information via admin/plugin.php
CVSS 9.8
CVE-2016-10085 HIGH
Piwigo < 2.8.3 - Authenticated File Inclusion via admin/languages.php tab Parameter
CVSS 7.2
CVE-2016-10084 HIGH
Piwigo < 2.8.3 - Authenticated File Inclusion via mode Parameter
CVSS 7.2
CVE-2016-10082 CRITICAL
Serendipity <2.0.5 - File Inclusion
CVSS 9.8
CVE-2016-9877 CRITICAL
RabbitMQ 3.x < 3.5.8 and 3.6.x < 3.6.6 - Unauthenticated MQTT Connection Authentication Bypass
CVSS 9.8
CVE-2016-7967 HIGH
KMail < 5.3.0 - Improper Access Control via QWebEngine JavaScript Execution
CVSS 8.1
CVE-2016-5192 MEDIUM
Google Chrome < 54.0.2840.59 for Windows - Cross-Origin Restriction Bypass via TextTrackLoader Redirect
CVSS 6.5
CVE-2016-5189 MEDIUM
Google Chrome < 54.0.2840.59 - URL Spoofing via Blob URL Navigation
CVSS 6.5
CVE-2016-9951 MEDIUM
Apport < 2.20.3 - Unauthenticated Command Execution via Malicious Crash File
CVSS 6.5
CVE-2016-8824 HIGH
NVIDIA Windows GPU Display Driver - Privilege Escalation
CVSS 7.8
CVE-2016-8821 HIGH
NVIDIA Windows GPU Display Driver - Privilege Escalation
CVSS 7.8
CVE-2016-9838 HIGH
Joomla! < 3.6.4 - Improper Access Control via Registration Form Session Data
CVSS 7.5
CVE-2016-9565 CRITICAL
Nagios < 4.2.1 - Arbitrary File Read and Write via Spoofed RSS Feed Response
CVSS 9.8
CVE-2016-1000156 CRITICAL
mailcwp < 1.100 - Unauthenticated Remote File Upload
CVSS 9.8
CVE-2016-7952 HIGH
Fedora < 1.2.2 - Improper Access Control
CVSS 7.5
CVE-2016-7946 HIGH
X.org libXi < 1.7.7 - Denial of Service via Length Field Handling
CVSS 7.5
CVE-2016-9920 HIGH
Roundcube Webmail < 1.1.7 and 1.2.x < 1.2.3 - Authenticated Remote Code Execution via Sendmail Envelope-From Address
CVSS 7.5
CVE-2016-5341 MEDIUM
Android < 7.1.0 - Denial of Service via Spoofed GPS XTRA Data
CVSS 5.9
CVE-2016-9836 CRITICAL
Joomla! < 3.6.4 - Unauthenticated Arbitrary PHP File Upload via Alternative Extensions
CVSS 9.8
CVE-2016-9835 CRITICAL
Zikula Framework 1.3.x < 1.3.11 and 1.4.x < 1.4.4 - Directory Traversal & PHP Object Injection
CVSS 9.8