CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2016-0277
HIGH
IBM Domino <9.0.1 - Buffer Overflow
CVSS 7.8
CVE-2016-1190
MEDIUM
Cybozu Garoon 3.1-4.2 - Authenticated Improper Access Control
CVSS 6.5
CVE-2016-0914
MEDIUM
EMC Documentum <7.2-6.8 - Auth Bypass
CVSS 6.3
CVE-2016-4811
MEDIUM
NTT Broadband Platform Japan Connected-free Wi-Fi <=1.15.1 (Android) & <=1.13.0 (iOS) - MITM Unauthenticated API Access
CVSS 5.6
CVE-2016-0392
HIGH
IBM Elastic Storage Server 2.5.x-2.5.5, 3.x < 3.5.5, 4.x < 4.0.3 - Privilege Escalation via Setuid Program Parameter
CVSS 8.4
CVE-2016-4813
HIGH
NetCommons < 2.4.2.1 - Authenticated Privilege Escalation via Account Creation
CVSS 8.8
CVE-2016-3226
MEDIUM
Active Directory in Windows Server 2008 R2 SP1 and 2012 - Authenticated DoS via Machine Account Creation
CVSS 6.5
CVE-2016-5366
HIGH
Huawei Honor WS851 Firmware < 1.1.21.1 - Unauthenticated Configuration Modification via File Injection
CVSS 7.5
CVE-2016-3698
HIGH
libndp <1.6 - Man-in-the-Middle/DoS
CVSS 8.1
CVE-2016-5302
CRITICAL
Citrix XenServer < 7.0 - Remote Host Compromise via Active Directory Credentials
CVSS 9.8
CVE-2016-5104
MEDIUM
libimobiledevice < 1.2.0 and libusbmuxd < 1.0.10 - Improper Access Control via IPv4 TCP Socket
CVSS 5.3
CVE-2016-4911
MEDIUM
OpenStack Identity (Keystone) 9.0.0 - Authenticated Improper Access Control via Fernet Token Rescoping
CVSS 4.3
CVE-2016-1543
HIGH
BMC BladeLogic Server Automation <8.8 - Auth Bypass
CVSS 7.5
CVE-2016-2831
HIGH
Canonical Ubuntu Linux < 46.0.1 - Security Feature Bypass
CVSS 8.8
CVE-2016-2829
MEDIUM
openSUSE Leap < 46.0.1 - Improper Access Control
CVSS 6.5
CVE-2016-2825
MEDIUM
Canonical Ubuntu Linux < 46.0.1 - Improper Access Control
CVSS 6.5
CVE-2016-2822
MEDIUM
Debian Linux < 46.0.1 - Improper Access Control
CVSS 6.5
CVE-2016-2785
CRITICAL
Puppet Server < 2.3.2 and Puppet 4.0.0-4.4.1 - Improper Access Control via URL Decoding Bypass
CVSS 9.8
CVE-2016-4524
MEDIUM
ABB PCM600 < 2.6 - Unauthenticated Sensitive Information Exposure via OPC Server Password Storage
CVSS 6.5
CVE-2016-4495
MEDIUM
KMC Controls BAC-5051E Firmware - Unauthenticated Configuration File Read
CVSS 5.3
CVE-2016-2150
HIGH
Red Hat Enterprise Linux - Improper Access Control
CVSS 7.1
CVE-2016-1581
MEDIUM
LXD <2.0.2 - Info Disclosure
CVSS 5.5
CVE-2016-3708
HIGH
Red Hat OpenShift Enterprise 3.2 - Privilege Escalation
CVSS 7.1
CVE-2016-3703
MEDIUM
Red Hat OpenShift Enterprise 3.2-3.1 - Info Disclosure
CVSS 5.3
CVE-2016-4369
HIGH
HPE Discovery and Dependency Mapping Inventory 9.30-9.32 - Authenticated RCE via Deserialization
CVSS 8.8