CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,344 vulnerabilities with CWE-284
CVE-2016-9157 CRITICAL
Siemens SICAM PAS < 8.09 - Denial of Service and Unauthenticated Remote Code Execution via Crafted Packets to Port 19234
CVSS 9.8
CVE-2016-9156 HIGH
Siemens SICAM PAS < 8.09 - Unauthenticated Arbitrary File Manipulation via Port 19235
CVSS 7.3
CVE-2016-3044 MEDIUM
IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 - Denial of Service via Guest OS Vectors
CVSS 6.5
CVE-2016-2887 HIGH
IBM IMS Enterprise Suite Data Provider < 3.2.0.0 - Authenticated Exposure of Sensitive Information
CVSS 8.1
CVE-2016-2874 LOW
IBM QRadar SIEM < 7.1.0 - Authenticated Sensitive Information Exposure via Improper Access Control
CVSS 3.1
CVE-2016-8222 MEDIUM
Lenovo ThinkPad BIOS - Authenticated Denial of Service and BIOS Setting Modification via SMM Services
CVSS 4.4
CVE-2016-8223 HIGH
Lenovo System Interface Foundation - Privilege Escalation
CVSS 7.8
CVE-2016-5393 HIGH
Apache Hadoop 2.6.x < 2.6.5, 2.7.x < 2.7.3 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2016-8645 MEDIUM
Linux Kernel < 4.8.10 - Denial of Service via sendto System Call
CVSS 5.5
CVE-2016-8633 MEDIUM
Linux Kernel < 4.8.7 - Remote Code Execution via Firewire Fragmented Packets
CVSS 6.8
CVE-2016-8630 MEDIUM
Linux Kernel < 4.8.7 - Denial of Service via x86 KVM Undefined Instruction Handling
CVSS 5.5
CVE-2016-2929 HIGH
IBM BigFix Remote Control < 9.1.2 - Weak Password Policy
CVSS 8.1
CVE-2016-0319 HIGH
IBM Jazz Reporting Service < 6.0.1 - XXE
CVSS 7.5
CVE-2016-0318 MEDIUM
IBM Jazz Reporting Service < 6.0.1 iFix006 - Info Disclosure
CVSS 5.0
CVE-2016-0317 MEDIUM
IBM Jazz Reporting Service < 6.0.1 - CSRF
CVSS 6.5
CVE-2016-6747 MEDIUM
Android < 7.0 - Denial of Service via Mediaserver Crafted File
CVSS 5.5
CVE-2016-6725 CRITICAL
Android < 7.0 - Remote Code Execution in Qualcomm Crypto Driver
CVSS 9.8
CVE-2016-6724 MEDIUM
Android < 4.4.4, 5.0.2, 5.1.1, 2016-11-01 - DoS in Input Manager Service
CVSS 5.5
CVE-2016-6723 MEDIUM
Android < 4.4.4, 5.0.x < 5.0.2, 5.1.x < 5.1.1, 6.x/7.0 < 2016-11-01 - DoS via Proxy Auto Config
CVSS 4.7
CVE-2016-6719 MEDIUM
Android 4.0-7.0 (2016-10-31) - Bluetooth Pairing Bypass
CVSS 5.5
CVE-2016-6716 MEDIUM
Android < 7.0 - Privilege Escalation via Launcher Shortcut Creation
CVSS 5.5
CVE-2016-6715 MEDIUM
Android Framework APIs - Unauthenticated Elevation of Privilege via Audio Recording Permission Bypass
CVSS 5.5
CVE-2016-6714 MEDIUM
Android 6.x-7.0 - Denial of Service via Mediaserver Crafted File
CVSS 5.5
CVE-2016-6713 MEDIUM
Android 6.x-7.0 - Denial of Service via Crafted Media File
CVSS 5.5
CVE-2016-6708 MEDIUM
Android 7.0 - Elevation of Privilege via Multi-Window Mode Work Profile Bypass
CVSS 5.5