CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2016-5650 HIGH
ZModo ZP-NE14-S/ZP-IBH-13W - Open Redirect
CVSS 7.5
CVE-2016-5645 HIGH
Rockwell Automation MicroLogix - Info Disclosure
CVSS 7.3
CVE-2016-5736 HIGH
F5 BIG-IP <12.0.0 HF2 - Privilege Escalation
CVSS 7.5
CVE-2016-0760 HIGH
Apache Sentry - Authenticated Remote Code Execution via Hive Builtin Function Blacklist Bypass
CVSS 8.8
CVE-2016-3319 HIGH
Microsoft Edge and Windows PDF Library - Remote Code Execution via Crafted PDF File
CVSS 7.0
CVE-2016-3299 MEDIUM
Microsoft Windows - NetBIOS Spoofing via Response Validation
CVSS 5.3
CVE-2016-2989 MEDIUM
IBM Connections Portlets 5.x - Open Redirect
CVSS 6.5
CVE-2016-2960 LOW
IBM WebSphere Application Server DoS via Crafted SIP Messages
CVSS 3.7
CVE-2016-1474 MEDIUM
Cisco Prime Infrastructure 2.2(2) - XSS
CVSS 4.3
CVE-2016-5144 CRITICAL
Google Chrome < 52.0.2743.82 - Improper Access Control in Developer Tools
CVSS 9.8
CVE-2016-6198 MEDIUM
Linux Kernel < 4.5.5 - Denial of Service via OverlayFS Self-Hardlink Rename
CVSS 5.5
CVE-2016-3839 MEDIUM
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - DoS
CVSS 5.5
CVE-2016-3838 MEDIUM
Android 6.x - Denial of Service via App-Pinning Feature
CVSS 5.5
CVE-2016-6150 CRITICAL
SAP HANA - Improper Access Control via Unencrypted Communications
CVSS 9.8
CVE-2016-6144 HIGH
SAP HANA <Revision 102 - SQL Injection
CVSS 8.1
CVE-2016-6140 CRITICAL
SAP TREX 7.10 Revision 63 - Arbitrary File Write via RFC-Gateway
CVSS 9.8
CVE-2016-6258 HIGH
Xen <= 4.7.x - Authenticated Privilege Escalation via PV Pagetable Entry Update
CVSS 8.8
CVE-2016-5229 CRITICAL
Atlassian Bamboo < 5.11.4.1 and 5.12.x < 5.12.3.1 - Remote Code Execution via XStream Deserialization
CVSS 9.8
CVE-2016-4373 CRITICAL
HP Operations Manager < 9.21.120 - Remote Code Execution via Deserialization
CVSS 9.8
CVE-2016-1608 HIGH
Novell Filr <2.0 - Authenticated RCE
CVSS 8.8
CVE-2016-3992 MEDIUM
cronic - Arbitrary File Write via Symlink Attack on Temporary Files
CVSS 6.2
CVE-2016-5130 MEDIUM
Google Chrome < 51.0.2704.106 - URL Spoofing via JavaScript Forward Method
CVSS 6.5
CVE-2016-4591 HIGH
WebKit - Remote Filesystem Access via Location Variable Mishandling
CVSS 7.5
CVE-2016-5388 HIGH
Red Hat Enterprise Linux Desktop < 7.5.5.0 - Improper Access Control
CVSS 8.1
CVE-2016-5386 HIGH
Fedora < 1.6.3 - Improper Access Control
CVSS 8.1