CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2016-5650
HIGH
ZModo ZP-NE14-S/ZP-IBH-13W - Open Redirect
CVSS 7.5
CVE-2016-5645
HIGH
Rockwell Automation MicroLogix - Info Disclosure
CVSS 7.3
CVE-2016-5736
HIGH
F5 BIG-IP <12.0.0 HF2 - Privilege Escalation
CVSS 7.5
CVE-2016-0760
HIGH
Apache Sentry - Authenticated Remote Code Execution via Hive Builtin Function Blacklist Bypass
CVSS 8.8
CVE-2016-3319
HIGH
Microsoft Edge and Windows PDF Library - Remote Code Execution via Crafted PDF File
CVSS 7.0
CVE-2016-3299
MEDIUM
Microsoft Windows - NetBIOS Spoofing via Response Validation
CVSS 5.3
CVE-2016-2989
MEDIUM
IBM Connections Portlets 5.x - Open Redirect
CVSS 6.5
CVE-2016-2960
LOW
IBM WebSphere Application Server DoS via Crafted SIP Messages
CVSS 3.7
CVE-2016-1474
MEDIUM
Cisco Prime Infrastructure 2.2(2) - XSS
CVSS 4.3
CVE-2016-5144
CRITICAL
Google Chrome < 52.0.2743.82 - Improper Access Control in Developer Tools
CVSS 9.8
CVE-2016-6198
MEDIUM
Linux Kernel < 4.5.5 - Denial of Service via OverlayFS Self-Hardlink Rename
CVSS 5.5
CVE-2016-3839
MEDIUM
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - DoS
CVSS 5.5
CVE-2016-3838
MEDIUM
Android 6.x - Denial of Service via App-Pinning Feature
CVSS 5.5
CVE-2016-6150
CRITICAL
SAP HANA - Improper Access Control via Unencrypted Communications
CVSS 9.8
CVE-2016-6144
HIGH
SAP HANA <Revision 102 - SQL Injection
CVSS 8.1
CVE-2016-6140
CRITICAL
SAP TREX 7.10 Revision 63 - Arbitrary File Write via RFC-Gateway
CVSS 9.8
CVE-2016-6258
HIGH
Xen <= 4.7.x - Authenticated Privilege Escalation via PV Pagetable Entry Update
CVSS 8.8
CVE-2016-5229
CRITICAL
Atlassian Bamboo < 5.11.4.1 and 5.12.x < 5.12.3.1 - Remote Code Execution via XStream Deserialization
CVSS 9.8
CVE-2016-4373
CRITICAL
HP Operations Manager < 9.21.120 - Remote Code Execution via Deserialization
CVSS 9.8
CVE-2016-1608
HIGH
Novell Filr <2.0 - Authenticated RCE
CVSS 8.8
CVE-2016-3992
MEDIUM
cronic - Arbitrary File Write via Symlink Attack on Temporary Files
CVSS 6.2
CVE-2016-5130
MEDIUM
Google Chrome < 51.0.2704.106 - URL Spoofing via JavaScript Forward Method
CVSS 6.5
CVE-2016-4591
HIGH
WebKit - Remote Filesystem Access via Location Variable Mishandling
CVSS 7.5
CVE-2016-5388
HIGH
Redhat Enterprise Linux Desktop < 7.5.5.0 - Improper Access Control
CVSS 8.1
CVE-2016-5386
HIGH
Fedora < 1.6.3 - Improper Access Control
CVSS 8.1
Details
Vulnerabilities
5,345