CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2016-0277 HIGH
IBM Domino <9.0.1 - Buffer Overflow
CVSS 7.8
CVE-2016-1190 MEDIUM
Cybozu Garoon 3.1-4.2 - Authenticated Improper Access Control
CVSS 6.5
CVE-2016-0914 MEDIUM
EMC Documentum <7.2-6.8 - Auth Bypass
CVSS 6.3
CVE-2016-4811 MEDIUM
NTT Broadband Platform Japan Connected-free Wi-Fi <=1.15.1 (Android) & <=1.13.0 (iOS) - MITM Unauthenticated API Access
CVSS 5.6
CVE-2016-0392 HIGH
IBM Elastic Storage Server 2.5.x-2.5.5, 3.x < 3.5.5, 4.x < 4.0.3 - Privilege Escalation via Setuid Program Parameter
CVSS 8.4
CVE-2016-4813 HIGH
NetCommons < 2.4.2.1 - Authenticated Privilege Escalation via Account Creation
CVSS 8.8
CVE-2016-3226 MEDIUM
Active Directory in Windows Server 2008 R2 SP1 and 2012 - Authenticated DoS via Machine Account Creation
CVSS 6.5
CVE-2016-5366 HIGH
Huawei Honor WS851 Firmware < 1.1.21.1 - Unauthenticated Configuration Modification via File Injection
CVSS 7.5
CVE-2016-3698 HIGH
libndp <1.6 - Man-in-the-Middle/DoS
CVSS 8.1
CVE-2016-5302 CRITICAL
Citrix XenServer < 7.0 - Remote Host Compromise via Active Directory Credentials
CVSS 9.8
CVE-2016-5104 MEDIUM
libimobiledevice < 1.2.0 and libusbmuxd < 1.0.10 - Improper Access Control via IPv4 TCP Socket
CVSS 5.3
CVE-2016-4911 MEDIUM
OpenStack Identity (Keystone) 9.0.0 - Authenticated Improper Access Control via Fernet Token Rescoping
CVSS 4.3
CVE-2016-1543 HIGH
BMC BladeLogic Server Automation <8.8 - Auth Bypass
CVSS 7.5
CVE-2016-2831 HIGH
Canonical Ubuntu Linux < 46.0.1 - Security Feature Bypass
CVSS 8.8
CVE-2016-2829 MEDIUM
openSUSE Leap < 46.0.1 - Improper Access Control
CVSS 6.5
CVE-2016-2825 MEDIUM
Canonical Ubuntu Linux < 46.0.1 - Improper Access Control
CVSS 6.5
CVE-2016-2822 MEDIUM
Debian Linux < 46.0.1 - Improper Access Control
CVSS 6.5
CVE-2016-2785 CRITICAL
Puppet Server < 2.3.2 and Puppet 4.0.0-4.4.1 - Improper Access Control via URL Decoding Bypass
CVSS 9.8
CVE-2016-4524 MEDIUM
ABB PCM600 < 2.6 - Unauthenticated Sensitive Information Exposure via OPC Server Password Storage
CVSS 6.5
CVE-2016-4495 MEDIUM
KMC Controls BAC-5051E Firmware - Unauthenticated Configuration File Read
CVSS 5.3
CVE-2016-2150 HIGH
Red Hat Enterprise Linux - Improper Access Control
CVSS 7.1
CVE-2016-1581 MEDIUM
LXD <2.0.2 - Info Disclosure
CVSS 5.5
CVE-2016-3708 HIGH
Red Hat OpenShift Enterprise 3.2 - Privilege Escalation
CVSS 7.1
CVE-2016-3703 MEDIUM
Red Hat OpenShift Enterprise 3.2-3.1 - Info Disclosure
CVSS 5.3
CVE-2016-4369 HIGH
HPE Discovery and Dependency Mapping Inventory 9.30-9.32 - Authenticated RCE via Deserialization
CVSS 8.8