CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2016-1776 MEDIUM
Apple OS X Server <5.1 - Info Disclosure
CVSS 5.3
CVE-2016-1774 MEDIUM
Apple OS X Server <5.1 - Info Disclosure
CVSS 5.3
CVE-2016-1770 MEDIUM
macOS < 10.11.4 - Unauthenticated Dialing Action via Reminders tel: URL
CVSS 6.5
CVE-2016-0222 MEDIUM
IBM Maximo Asset Mgmt <7.6.0.3 - Auth Bypass
CVSS 4.3
CVE-2016-0208 LOW
IBM WebSphere Commerce <8.0.0.3 - DoS
CVSS 3.7
CVE-2016-1638 MEDIUM
Google Chrome <49.0.2623.75 - Info Disclosure
CVSS 6.3
CVE-2016-2243 HIGH
HP 700 Series Firmware - Improper Access Control
CVSS 7.9
CVE-2016-2278 HIGH
Schneider Electric Struxureware Building Operations Automation Server < 1.7 - Authenticated OS Command Execution
CVSS 7.2
CVE-2016-0225 MEDIUM
IBM WebSphere Commerce <7.0.0.9 - Info Disclosure
CVSS 4.9
CVE-2016-2275 CRITICAL
Advantech VESP211-EU and VESP211-232 Firmware - Improper Access Control via Client-Side Enforcement
CVSS 9.8
CVE-2016-1315 HIGH
Cisco AMP ESA <9.7.0-125 - Auth Bypass
CVSS 7.5
CVE-2016-2048 MEDIUM
Django 1.9.x < 1.9.2 - Authenticated Access Control Bypass via ModelAdmin Save As New
CVSS 5.5
CVE-2016-1302 HIGH
Cisco APIC <1.0.3h & Nexus 9000 ACI Mode <11.0.3h - Auth Bypass
CVSS 8.8
CVE-2016-1301 HIGH
Cisco ASA-CX <9.3.1.1 - Privilege Escalation
CVSS 8.8
CVE-2016-1905 HIGH
Kubernetes < 1.2.0-alpha.6 - Authenticated Improper Access Control via Patched Object
CVSS 7.7
CVE-2016-2049 HIGH
JanRain PHP OpenID - Authentication Hijacking via HTTP Host Header
CVSS 8.8
CVE-2016-1492 MEDIUM
Lenovo SHAREit <3.5.48_ww - Info Disclosure
CVSS 6.1
CVE-2016-0611
Oracle MySQL <5.6.28, <5.7.10 - DoS
CVE-2015-10057 MEDIUM
Little Apps Little Software Stats <0.2 - Improper Access Controls
CVSS 4.6
CVE-2015-9337 HIGH
Profile Builder < 2.1.4 - Unauthenticated Improper Access Control via Addon Activation
CVSS 7.5
CVE-2015-9291 HIGH
cPanel < 11.52.0.13 - Unauthenticated Arbitrary File Read via get_information_for_applications
CVSS 7.5
CVE-2015-9236 MEDIUM
hapi < 11.0.0 - Improper Access Control via CORS Header Inconsistency
CVSS 5.3
CVE-2015-9243 MEDIUM
hapi < 11.1.4 - Improper Access Control via CORS Configuration Override
CVSS 5.9
CVE-2015-9209 CRITICAL
Qualcomm MDM9206 and Snapdragon Firmware - Improper Access Control in File Storage API
CVSS 9.8
CVE-2015-9152 CRITICAL
Qualcomm Snapdragon Firmware - Improper Access Control in Modem Regions
CVSS 9.8