CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2016-4963 MEDIUM
Xen through 4.6.x - Denial of Service via libxl Device-Handling
CVSS 4.7
CVE-2016-1699 MEDIUM
WebKit/Source/devtools/front_end/devtools.js - Info Disclosure
CVSS 6.5
CVE-2016-1697 HIGH
Google Chrome < 51.0.2704.79 - Same Origin Policy Bypass via Frame Navigation
CVSS 8.8
CVE-2016-1696 HIGH
Google Chrome < 51.0.2704.79 - Same Origin Policy Bypass via Extensions Bindings
CVSS 8.8
CVE-2016-1694 MEDIUM
Google Chrome <51.0.2704.63 - Info Disclosure
CVSS 5.3
CVE-2016-1693 MEDIUM
Google Chrome <51.0.2704.63 - Man-in-the-Middle
CVSS 5.3
CVE-2016-1692 MEDIUM
Google Chrome <51.0.2704.63 - SSRF
CVSS 5.3
CVE-2016-1682 MEDIUM
WebKit/Blink <51.0.2704.63 - Auth Bypass
CVSS 6.1
CVE-2016-1676 HIGH
Google Chrome <51.0.2704.63 - XSS
CVSS 8.8
CVE-2016-1675 HIGH
Google Chrome <51.0.2704.63 - CSRF
CVSS 8.8
CVE-2016-1672 HIGH
Google Chrome < 51.0.2704.63 - Same Origin Policy Bypass via ModuleSystem Bindings Interception
CVSS 8.8
CVE-2016-4810 HIGH
Citrix XenApp and XenDesktop - Improper Access Control
CVSS 7.5
CVE-2016-4502 HIGH
envirosys ESC 8832 Data Controller < 3.02 - Unauthenticated Arbitrary Function Execution via Parameter Modification
CVSS 7.5
CVE-2016-4501 CRITICAL
envirosys ESC 8832 Data Controller < 3.02 - Unauthenticated Authentication Bypass
CVSS 9.1
CVE-2016-1999 CRITICAL
HP Release Control 9.13, 9.20, 9.21 - Remote Code Execution via Apache Commons Collections Deserialization
CVSS 9.8
CVE-2016-1406 HIGH
Cisco Prime Infrastructure <3.1 - Cisco Evolved Programmable Networ...
CVSS 8.8
CVE-2016-2159 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Auth Bypass via Web-Service
CVSS 4.3
CVE-2016-3728 HIGH
Foreman <1.10.4, <1.11.2 - Code Injection
CVSS 8.8
CVE-2016-2100 MEDIUM
Foreman < 1.10.3 and 1.11.0-RC2 - Authenticated Improper Access Control via Bookmark Permissions
CVSS 5.4
CVE-2016-1844 MEDIUM
Apple OS X <10.11.5 - Info Disclosure
CVSS 5.3
CVE-2016-1842 HIGH
Apple iOS <9.3.2, OS X <10.11.5, watchOS <2.2.1 - Info Disclosure
CVSS 7.5
CVE-2016-1806 HIGH
macOS < 10.11.5 - Privilege Escalation via Crash Reporter
CVSS 7.8
CVE-2016-1805 HIGH
macOS < 10.11.5 - Privilege Escalation via CoreStorage
CVSS 7.8
CVE-2016-1797 HIGH
Apple OS X <10.11.5 - Privilege Escalation
CVSS 7.8
CVE-2016-0731 MEDIUM
Apache Ambari <2.2.1 - Info Disclosure
CVSS 4.9