CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2016-3925 MEDIUM
Android 6.x-7.0 - Denial of Service via Crafted Wi-Fi ANQP Application
CVSS 5.5
CVE-2016-3923 MEDIUM
Android < 7.0 - Privilege Escalation via Touchjacking in Accessibility Services
CVSS 5.5
CVE-2016-3882 MEDIUM
Android 6.x and 7.0 - Denial of Service via Crafted Wi-Fi Venue Name Element
CVSS 6.5
CVE-2016-7040 HIGH
Red Hat CloudForms Management Engine 4.1 - Authenticated Remote Code Execution via Regular Expression Injection
CVSS 8.8
CVE-2016-6323 HIGH
glibc < 2.25 - Denial of Service via makecontext Function
CVSS 7.5
CVE-2016-5745 CRITICAL
F5 BIG-IP LTM <11.2.1 HF16, <11.4.1 HF11, <11.6.1 HF1 - Info Disclo...
CVSS 9.8
CVE-2016-4551 HIGH
SAP NetWeaver 7.00 SP Level 0031 - IP Address Spoofing in Security Audit Log
CVSS 7.5
CVE-2016-5983 HIGH
IBM WebSphere Application Server (WAS) <9.0.0.2 - Authenticated RCE
CVSS 7.5
CVE-2016-1372 MEDIUM
ClamAV <0.99.2 - DoS
CVSS 5.5
CVE-2016-1371 MEDIUM
ClamAV <0.99.2 - DoS
CVSS 5.5
CVE-2016-5700 CRITICAL
F5 BIG-IP 11.5.0-11.5.4, 11.6.0-11.6.1, 12.0.0-12.1.0 - Improper Access Control via HTTP Explicit Proxy or SOCKS Profile
CVSS 9.8
CVE-2016-5176 MEDIUM
Google Chrome < 53.0.2785.101 - SafeBrowsing Protection Bypass
CVSS 6.5
CVE-2016-6826 MEDIUM
Huawei AnyMail - Denial of Service via Crafted Compressed Email Attachment
CVSS 6.5
CVE-2016-8279 MEDIUM
Huawei Mate S <CRR-TL00C01B362, P8 <GRA-UL10C00B366, Honor 6/Honor ...
CVSS 5.5
CVE-2016-5972 MEDIUM
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance ...
CVSS 6.8
CVE-2016-5963 HIGH
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance ...
CVSS 8.8
CVE-2016-5945 MEDIUM
IBM Spectrum Control <5.2.11 - File Upload
CVSS 4.3
CVE-2016-5943 MEDIUM
IBM Spectrum Control <5.2.11 - Auth Bypass
CVSS 5.4
CVE-2016-5173 HIGH
Google Chrome < 53.0.2785.101 - Same Origin Policy Bypass via Object.prototype Access
CVSS 7.1
CVE-2016-4760 MEDIUM
iTunes < 12.5.1 - DNS Rebinding via HTTP/0.9 Support
CVSS 6.5
CVE-2016-4694 CRITICAL
macOS < 10.11.6 and OS X Server < 5.1 - HTTP Proxy Header Misuse via Apache HTTP Server
CVSS 9.1
CVE-2016-5283 HIGH
Firefox < 48.0.2 - Same Origin Policy Bypass via IFRAME SRC Fragment Identifier
CVSS 8.8
CVE-2016-5273 HIGH
Firefox < 48.0.2 - Remote Code Execution via HyperTextAccessible GetChildOffset
CVSS 8.8
CVE-2016-4464 CRITICAL
Apache CXF Fediz 1.2.0-1.2.2 and 1.3.0 - Improper Access Control via SAML AudienceRestriction Bypass
CVSS 9.8
CVE-2016-6802 HIGH
Apache Shiro < 1.3.2 - Filter Bypass via Non-Root Servlet Context Path
CVSS 7.5