CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2016-0323
MEDIUM
Liberty for Java <2.7-20160321-1358 - Privilege Escalation
CVSS 6.5
CVE-2016-1668
HIGH
Google Chrome < 50.0.2661.102 - Same Origin Policy Bypass via V8 Iterable Bindings
CVSS 8.8
CVE-2016-1667
HIGH
WebKit/Blink <50.0.2661.102 - RCE
CVSS 8.8
CVE-2016-2016
MEDIUM
HPE HP-UX 11iv3 - Privilege Escalation
CVSS 5.5
CVE-2016-2860
MEDIUM
OpenAFS < 1.6.17 - Authenticated Arbitrary Group Creation via Foreign Kerberos Realm
CVSS 6.5
CVE-2016-1117
CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1062
CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1044
CRITICAL
Adobe Acrobat and Reader < 11.0.15 - JavaScript API Execution Restriction Bypass
CVSS 10.0
CVE-2016-1042
CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1041
CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 10.0
CVE-2016-1040
CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1039
CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 9.8
CVE-2016-1038
CRITICAL
Adobe Acrobat and Reader < 11.0.16 - JavaScript API Execution Restriction Bypass
CVSS 10.0
CVE-2016-0188
HIGH
Internet Explorer 11 - Security Feature Bypass via User Mode Code Integrity
CVSS 8.8
CVE-2016-0183
HIGH
Microsoft Office 2010 SP2 - Remote Code Execution via Crafted Embedded Font
CVSS 8.8
CVE-2016-0182
HIGH
Windows Journal - Remote Code Execution via Crafted .jnt File
CVSS 7.8
CVE-2016-0179
HIGH
Windows Shell - Remote Code Execution via Crafted Web Site
CVSS 7.8
CVE-2016-0170
HIGH
Microsoft Windows - Remote Code Execution via GDI Crafted Document
CVSS 8.8
CVE-2016-3105
HIGH
Debian Linux < 3.7.3 - Improper Access Control
CVSS 8.8
CVE-2016-2014
HIGH
HPE Network Node Manager i <10.02 - Privilege Escalation
CVSS 8.1
CVE-2016-2009
HIGH
HPE Network Node Manager i <10.01 - Command Injection
CVSS 8.8
CVE-2016-2167
MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Unauthenticated Authentication Bypass via Realm String Prefix
CVSS 6.8
CVE-2016-2820
MEDIUM
Firefox < 45.0.2 - Improper Access Control in Health Reports
CVSS 4.3
CVE-2016-2816
MEDIUM
Firefox < 45.0.2 - Content Security Policy Bypass via multipart/x-mixed-replace
CVSS 6.5
CVE-2016-1200
MEDIUM
LOCKON EC-CUBE <3.0.10 - Auth Bypass
CVSS 6.3
Details
Vulnerabilities
5,345