CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,345 vulnerabilities with CWE-284
CVE-2016-1776
MEDIUM
Apple OS X Server <5.1 - Info Disclosure
CVSS 5.3
CVE-2016-1774
MEDIUM
Apple OS X Server <5.1 - Info Disclosure
CVSS 5.3
CVE-2016-1770
MEDIUM
macOS < 10.11.4 - Unauthenticated Dialing Action via Reminders tel: URL
CVSS 6.5
CVE-2016-0222
MEDIUM
IBM Maximo Asset Mgmt <7.6.0.3 - Auth Bypass
CVSS 4.3
CVE-2016-0208
LOW
IBM WebSphere Commerce <8.0.0.3 - DoS
CVSS 3.7
CVE-2016-1638
MEDIUM
Google Chrome <49.0.2623.75 - Info Disclosure
CVSS 6.3
CVE-2016-2243
HIGH
HP 700 Series Firmware - Improper Access Control
CVSS 7.9
CVE-2016-2278
HIGH
Schneider Electric Struxureware Building Operations Automation Server < 1.7 - Authenticated OS Command Execution
CVSS 7.2
CVE-2016-0225
MEDIUM
IBM WebSphere Commerce <7.0.0.9 - Info Disclosure
CVSS 4.9
CVE-2016-2275
CRITICAL
Advantech VESP211-EU and VESP211-232 Firmware - Improper Access Control via Client-Side Enforcement
CVSS 9.8
CVE-2016-1315
HIGH
Cisco AMP ESA <9.7.0-125 - Auth Bypass
CVSS 7.5
CVE-2016-2048
MEDIUM
Django 1.9.x < 1.9.2 - Authenticated Access Control Bypass via ModelAdmin Save As New
CVSS 5.5
CVE-2016-1302
HIGH
Cisco APIC <1.0.3h & Nexus 9000 ACI Mode <11.0.3h - Auth Bypass
CVSS 8.8
CVE-2016-1301
HIGH
Cisco ASA-CX <9.3.1.1 - Privilege Escalation
CVSS 8.8
CVE-2016-1905
HIGH
Kubernetes < 1.2.0-alpha.6 - Authenticated Improper Access Control via Patched Object
CVSS 7.7
CVE-2016-2049
HIGH
JanRain PHP OpenID - Authentication Hijacking via HTTP Host Header
CVSS 8.8
CVE-2016-1492
MEDIUM
Lenovo SHAREit <3.5.48_ww - Info Disclosure
CVSS 6.1
CVE-2016-0611
Oracle MySQL <5.6.28, <5.7.10 - DoS
CVE-2015-10057
MEDIUM
Little Apps Little Software Stats <0.2 - Improper Access Controls
CVSS 4.6
CVE-2015-9337
HIGH
Profile Builder < 2.1.4 - Unauthenticated Improper Access Control via Addon Activation
CVSS 7.5
CVE-2015-9291
HIGH
cPanel < 11.52.0.13 - Unauthenticated Arbitrary File Read via get_information_for_applications
CVSS 7.5
CVE-2015-9236
MEDIUM
hapi < 11.0.0 - Improper Access Control via CORS Header Inconsistency
CVSS 5.3
CVE-2015-9243
MEDIUM
hapi < 11.1.4 - Improper Access Control via CORS Configuration Override
CVSS 5.9
CVE-2015-9209
CRITICAL
Qualcomm MDM9206 and Snapdragon Firmware - Improper Access Control in File Storage API
CVSS 9.8
CVE-2015-9152
CRITICAL
Qualcomm Snapdragon Firmware - Improper Access Control in Modem Regions
CVSS 9.8