CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2016-0323 MEDIUM
Liberty for Java <2.7-20160321-1358 - Privilege Escalation
CVSS 6.5
CVE-2016-1668 HIGH
Google Chrome < 50.0.2661.102 - Same Origin Policy Bypass via V8 Iterable Bindings
CVSS 8.8
CVE-2016-1667 HIGH
WebKit/Blink <50.0.2661.102 - RCE
CVSS 8.8
CVE-2016-2016 MEDIUM
HPE HP-UX 11iv3 - Privilege Escalation
CVSS 5.5
CVE-2016-2860 MEDIUM
OpenAFS < 1.6.17 - Authenticated Arbitrary Group Creation via Foreign Kerberos Realm
CVSS 6.5
CVE-2016-1117 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1062 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1044 CRITICAL
Adobe Acrobat and Reader < 11.0.15 - JavaScript API Execution Restriction Bypass
CVSS 10.0
CVE-2016-1042 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1041 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 10.0
CVE-2016-1040 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1039 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1038 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 10.0
CVE-2016-0188 HIGH
Internet Explorer 11 - Security Feature Bypass via User Mode Code Integrity
CVSS 8.8
CVE-2016-0183 HIGH
Microsoft Office 2010 SP2 - Remote Code Execution via Crafted Embedded Font
CVSS 8.8
CVE-2016-0182 HIGH
Windows Journal - Remote Code Execution via Crafted .jnt File
CVSS 7.8
CVE-2016-0179 HIGH
Windows Shell - Remote Code Execution via Crafted Web Site
CVSS 7.8
CVE-2016-0170 HIGH
Microsoft Windows - Remote Code Execution via GDI Crafted Document
CVSS 8.8
CVE-2016-3105 HIGH
Debian Linux < 3.7.3 - Improper Access Control
CVSS 8.8
CVE-2016-2014 HIGH
HPE Network Node Manager i <10.02 - Privilege Escalation
CVSS 8.1
CVE-2016-2009 HIGH
HPE Network Node Manager i <10.01 - Command Injection
CVSS 8.8
CVE-2016-2167 MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Unauthenticated Authentication Bypass via Realm String Prefix
CVSS 6.8
CVE-2016-2820 MEDIUM
Firefox < 45.0.2 - Improper Access Control in Health Reports
CVSS 4.3
CVE-2016-2816 MEDIUM
Firefox < 45.0.2 - Content Security Policy Bypass via multipart/x-mixed-replace
CVSS 6.5
CVE-2016-1200 MEDIUM
LOCKON EC-CUBE <3.0.10 - Auth Bypass
CVSS 6.3
Details
Vulnerabilities 5,345