CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2016-3925
MEDIUM
Android 6.x-7.0 - Denial of Service via Crafted Wi-Fi ANQP Application
CVSS 5.5
CVE-2016-3923
MEDIUM
Android < 7.0 - Privilege Escalation via Touchjacking in Accessibility Services
CVSS 5.5
CVE-2016-3882
MEDIUM
Android 6.x and 7.0 - Denial of Service via Crafted Wi-Fi Venue Name Element
CVSS 6.5
CVE-2016-7040
HIGH
Red Hat CloudForms Management Engine 4.1 - Authenticated Remote Code Execution via Regular Expression Injection
CVSS 8.8
CVE-2016-6323
HIGH
glibc < 2.25 - Denial of Service via makecontext Function
CVSS 7.5
CVE-2016-5745
CRITICAL
F5 BIG-IP LTM <11.2.1 HF16, <11.4.1 HF11, <11.6.1 HF1 - Info Disclo...
CVSS 9.8
CVE-2016-4551
HIGH
SAP NetWeaver 7.00 SP Level 0031 - IP Address Spoofing in Security Audit Log
CVSS 7.5
CVE-2016-5983
HIGH
IBM WebSphere Application Server (WAS) <9.0.0.2 - Authenticated RCE
CVSS 7.5
CVE-2016-1372
MEDIUM
ClamAV <0.99.2 - DoS
CVSS 5.5
CVE-2016-1371
MEDIUM
ClamAV <0.99.2 - DoS
CVSS 5.5
CVE-2016-5700
CRITICAL
F5 BIG-IP 11.5.0-11.5.4, 11.6.0-11.6.1, 12.0.0-12.1.0 - Improper Access Control via HTTP Explicit Proxy or SOCKS Profile
CVSS 9.8
CVE-2016-5176
MEDIUM
Google Chrome < 53.0.2785.101 - SafeBrowsing Protection Bypass
CVSS 6.5
CVE-2016-6826
MEDIUM
Huawei AnyMail - Denial of Service via Crafted Compressed Email Attachment
CVSS 6.5
CVE-2016-8279
MEDIUM
Huawei Mate S <CRR-TL00C01B362, P8 <GRA-UL10C00B366, Honor 6/Honor ...
CVSS 5.5
CVE-2016-5972
MEDIUM
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance ...
CVSS 6.8
CVE-2016-5963
HIGH
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance ...
CVSS 8.8
CVE-2016-5945
MEDIUM
IBM Spectrum Control <5.2.11 - File Upload
CVSS 4.3
CVE-2016-5943
MEDIUM
IBM Spectrum Control <5.2.11 - Auth Bypass
CVSS 5.4
CVE-2016-5173
HIGH
Google Chrome < 53.0.2785.101 - Same Origin Policy Bypass via Object.prototype Access
CVSS 7.1
CVE-2016-4760
MEDIUM
iTunes < 12.5.1 - DNS Rebinding via HTTP/0.9 Support
CVSS 6.5
CVE-2016-4694
CRITICAL
macOS < 10.11.6 and OS X Server < 5.1 - HTTP Proxy Header Misuse via Apache HTTP Server
CVSS 9.1
CVE-2016-5283
HIGH
Firefox < 48.0.2 - Same Origin Policy Bypass via IFRAME SRC Fragment Identifier
CVSS 8.8
CVE-2016-5273
HIGH
Firefox < 48.0.2 - Remote Code Execution via HyperTextAccessible GetChildOffset
CVSS 8.8
CVE-2016-4464
CRITICAL
Apache CXF Fediz 1.2.0-1.2.2 and 1.3.0 - Improper Access Control via SAML AudienceRestriction Bypass
CVSS 9.8
CVE-2016-6802
HIGH
Apache Shiro < 1.3.2 - Filter Bypass via Non-Root Servlet Context Path
CVSS 7.5