CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2016-4963
MEDIUM
Xen through 4.6.x - Denial of Service via libxl Device-Handling
CVSS 4.7
CVE-2016-1699
MEDIUM
WebKit/Source/devtools/front_end/devtools.js - Info Disclosure
CVSS 6.5
CVE-2016-1697
HIGH
Google Chrome < 51.0.2704.79 - Same Origin Policy Bypass via Frame Navigation
CVSS 8.8
CVE-2016-1696
HIGH
Google Chrome < 51.0.2704.79 - Same Origin Policy Bypass via Extensions Bindings
CVSS 8.8
CVE-2016-1694
MEDIUM
Google Chrome <51.0.2704.63 - Info Disclosure
CVSS 5.3
CVE-2016-1693
MEDIUM
Google Chrome <51.0.2704.63 - Man-in-the-Middle
CVSS 5.3
CVE-2016-1692
MEDIUM
Google Chrome <51.0.2704.63 - SSRF
CVSS 5.3
CVE-2016-1682
MEDIUM
WebKit/Blink <51.0.2704.63 - Auth Bypass
CVSS 6.1
CVE-2016-1676
HIGH
Google Chrome <51.0.2704.63 - XSS
CVSS 8.8
CVE-2016-1675
HIGH
Google Chrome <51.0.2704.63 - CSRF
CVSS 8.8
CVE-2016-1672
HIGH
Google Chrome < 51.0.2704.63 - Same Origin Policy Bypass via ModuleSystem Bindings Interception
CVSS 8.8
CVE-2016-4810
HIGH
Citrix XenApp and XenDesktop - Improper Access Control
CVSS 7.5
CVE-2016-4502
HIGH
envirosys ESC 8832 Data Controller < 3.02 - Unauthenticated Arbitrary Function Execution via Parameter Modification
CVSS 7.5
CVE-2016-4501
CRITICAL
envirosys ESC 8832 Data Controller < 3.02 - Unauthenticated Authentication Bypass
CVSS 9.1
CVE-2016-1999
CRITICAL
HP Release Control 9.13, 9.20, 9.21 - Remote Code Execution via Apache Commons Collections Deserialization
CVSS 9.8
CVE-2016-1406
HIGH
Cisco Prime Infrastructure <3.1 - Cisco Evolved Programmable Networ...
CVSS 8.8
CVE-2016-2159
MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Auth Bypass via Web-Service
CVSS 4.3
CVE-2016-3728
HIGH
Foreman <1.10.4, <1.11.2 - Code Injection
CVSS 8.8
CVE-2016-2100
MEDIUM
Foreman < 1.10.3 and 1.11.0-RC2 - Authenticated Improper Access Control via Bookmark Permissions
CVSS 5.4
CVE-2016-1844
MEDIUM
Apple OS X <10.11.5 - Info Disclosure
CVSS 5.3
CVE-2016-1842
HIGH
Apple iOS <9.3.2, OS X <10.11.5, watchOS <2.2.1 - Info Disclosure
CVSS 7.5
CVE-2016-1806
HIGH
macOS < 10.11.5 - Privilege Escalation via Crash Reporter
CVSS 7.8
CVE-2016-1805
HIGH
macOS < 10.11.5 - Privilege Escalation via CoreStorage
CVSS 7.8
CVE-2016-1797
HIGH
Apple OS X <10.11.5 - Privilege Escalation
CVSS 7.8
CVE-2016-0731
MEDIUM
Apache Ambari <2.2.1 - Info Disclosure
CVSS 4.9