CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2016-4081 MEDIUM
Wireshark 1.12.x < 1.12.11 and 2.0.x < 2.0.3 - Denial of Service via IAX2 Dissector Infinite Loop
CVSS 5.9
CVE-2016-4076 MEDIUM
Wireshark 2.0.x - Denial of Service in NCP Dissector
CVSS 5.9
CVE-2016-4064 HIGH
Foxit Reader & PhantomPDF <7.3.4 - RCE
CVSS 7.8
CVE-2016-2354 HIGH
Lemur Vehicle Monitors BlueDriver < 6.3.2 - Unauthenticated CAN Command Injection via Bluetooth Pairing
CVSS 8.8
CVE-2016-3427 CRITICAL KEV
Oracle JDK and JRE - Remote Code Execution via JMX
CVSS 9.8
CVE-2016-1658 MEDIUM
Google Chrome < 49.0.2623.112 - Unauthenticated Exposure of Sensitive Information via Extension Origin Comparison Bypass
CVSS 4.3
CVE-2016-1656 HIGH
Google Chrome <50.0.2661.75 - Open Redirect
CVSS 7.5
CVE-2016-4018 HIGH
SAP HANA - Improper Access Control in Data Provisioning Agent
CVSS 7.3
CVE-2016-0757 MEDIUM
OpenStack Image Service - Privilege Escalation
CVSS 4.3
CVE-2016-3159 LOW
Oracle VM Server - Information Disclosure via FPU Register Handling
CVSS 3.8
CVE-2016-3158 LOW
Xen < 4.4.0 - Unauthorized Sensitive Information Exposure via xrstor Function
CVSS 3.8
CVE-2016-0153 HIGH
Microsoft Windows OLE - Remote Code Execution via Crafted File
CVSS 7.8
CVE-2016-0088 CRITICAL
Hyper-V in Windows 8.1, Windows Server 2012, and Windows 10 - Remote Code Execution
CVSS 9.3
CVE-2016-3165 HIGH
Drupal 6.x < 6.38 - Improper Access Control via Form API Submit Button
CVSS 7.5
CVE-2016-3162 HIGH
Drupal 7.x < 7.43 and 8.x < 8.0.4 - Authenticated Improper Access Control in File Module
CVSS 8.1
CVE-2016-1866 HIGH
Salt 2015.8.x < 2015.8.4 - Remote Code Execution via Minion-Master Data Stream
CVSS 8.1
CVE-2016-3987 CRITICAL
Trend Micro Password Manager - Command Injection
CVSS 9.8
CVE-2016-3985 MEDIUM
Pulse Connect Secure <8.2R1 - Auth Bypass
CVSS 6.5
CVE-2016-3984 MEDIUM
McAfee Active Response < 1.1.0.161 - Local Administrator Bypass of Self-Protection via Registry Key Modification
CVSS 5.1
CVE-2016-2277 MEDIUM
Rockwell Automation Integrated Architecture Builder < 9.6.0.8 & 9.7.x < 9.7.0.2 - RCE via Crafted Project File
CVSS 6.3
CVE-2016-2272 HIGH
Eaton Lighting EG2 Web Control < 4.04p - Improper Access Control via Modified Cookie
CVSS 7.5
CVE-2016-0289 MEDIUM
IBM Maximo Asset Mgmt <7.5.0.10, <7.6.0.4 - Auth Bypass
CVSS 4.3
CVE-2016-1760 MEDIUM
iPhone OS < 9.3 - Unauthenticated Arbitrary App Event Modification via XPC Services API
CVSS 6.2
CVE-2016-0226 HIGH
IBM Informix Dynamic Server 11.70.xCN - Privilege Escalation
CVSS 7.8
CVE-2016-1782 MEDIUM
Safari < 9.1 - Improper Access Control via Port Redirection
CVSS 6.5