CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2016-4081
MEDIUM
Wireshark 1.12.x < 1.12.11 and 2.0.x < 2.0.3 - Denial of Service via IAX2 Dissector Infinite Loop
CVSS 5.9
CVE-2016-4076
MEDIUM
Wireshark 2.0.x - Denial of Service in NCP Dissector
CVSS 5.9
CVE-2016-4064
HIGH
Foxit Reader & PhantomPDF <7.3.4 - RCE
CVSS 7.8
CVE-2016-2354
HIGH
Lemur Vehicle Monitors BlueDriver < 6.3.2 - Unauthenticated CAN Command Injection via Bluetooth Pairing
CVSS 8.8
CVE-2016-3427
CRITICAL
KEV
Oracle JDK and JRE - Remote Code Execution via JMX
CVSS 9.8
CVE-2016-1658
MEDIUM
Google Chrome < 49.0.2623.112 - Unauthenticated Exposure of Sensitive Information via Extension Origin Comparison Bypass
CVSS 4.3
CVE-2016-1656
HIGH
Google Chrome <50.0.2661.75 - Open Redirect
CVSS 7.5
CVE-2016-4018
HIGH
SAP HANA - Improper Access Control in Data Provisioning Agent
CVSS 7.3
CVE-2016-0757
MEDIUM
OpenStack Image Service - Privilege Escalation
CVSS 4.3
CVE-2016-3159
LOW
Oracle VM Server - Information Disclosure via FPU Register Handling
CVSS 3.8
CVE-2016-3158
LOW
Xen < 4.4.0 - Unauthorized Sensitive Information Exposure via xrstor Function
CVSS 3.8
CVE-2016-0153
HIGH
Microsoft Windows OLE - Remote Code Execution via Crafted File
CVSS 7.8
CVE-2016-0088
CRITICAL
Hyper-V in Windows 8.1, Windows Server 2012, and Windows 10 - Remote Code Execution
CVSS 9.3
CVE-2016-3165
HIGH
Drupal 6.x < 6.38 - Improper Access Control via Form API Submit Button
CVSS 7.5
CVE-2016-3162
HIGH
Drupal 7.x < 7.43 and 8.x < 8.0.4 - Authenticated Improper Access Control in File Module
CVSS 8.1
CVE-2016-1866
HIGH
Salt 2015.8.x < 2015.8.4 - Remote Code Execution via Minion-Master Data Stream
CVSS 8.1
CVE-2016-3987
CRITICAL
Trend Micro Password Manager - Command Injection
CVSS 9.8
CVE-2016-3985
MEDIUM
Pulse Connect Secure <8.2R1 - Auth Bypass
CVSS 6.5
CVE-2016-3984
MEDIUM
McAfee Active Response < 1.1.0.161 - Local Administrator Bypass of Self-Protection via Registry Key Modification
CVSS 5.1
CVE-2016-2277
MEDIUM
Rockwell Automation Integrated Architecture Builder < 9.6.0.8 & 9.7.x < 9.7.0.2 - RCE via Crafted Project File
CVSS 6.3
CVE-2016-2272
HIGH
Eaton Lighting EG2 Web Control < 4.04p - Improper Access Control via Modified Cookie
CVSS 7.5
CVE-2016-0289
MEDIUM
IBM Maximo Asset Mgmt <7.5.0.10, <7.6.0.4 - Auth Bypass
CVSS 4.3
CVE-2016-1760
MEDIUM
iPhone OS < 9.3 - Unauthenticated Arbitrary App Event Modification via XPC Services API
CVSS 6.2
CVE-2016-0226
HIGH
IBM Informix Dynamic Server 11.70.xCN - Privilege Escalation
CVSS 7.8
CVE-2016-1782
MEDIUM
Safari < 9.1 - Improper Access Control via Port Redirection
CVSS 6.5