Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,077)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-8362 1Vivint 1Sky Control Panel Firmware May 13, 2026 Jan 23, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.
CVE-2016-8643 1Moodle 1Moodle May 13, 2026 Jan 20, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
CVE-2016-8642 1Moodle 1Moodle May 13, 2026 Jan 20, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
CVE-2016-9016 1Firejail Project 1Firejail May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-7794 1Sociomantic 1Git Hub May 13, 2026 Jan 19, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.
CVE-2016-7793 1Sociomantic 1Git Hub May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.
CVE-2016-7545 3Fedoraproject RedhatSelinux Project 7Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+4 more May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-5217 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolat...Show more The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.Show less
CVE-2016-5206 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafte...Show more The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.Show less
CVE-2016-10148 1Wordpress 1Wordpress May 13, 2026 Jan 18, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypa...Show more The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.Show less
CVE-2016-8606 2Fedoraproject Gnu 2Fedora Guile May 6, 2026 Jan 12, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
CVE-2016-8444 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...Show more An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310.Show less
CVE-2016-8435 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 9.3 HIGH· v2 An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibili...Show more An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435.Show less
CVE-2016-8434 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 9.3 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibi...Show more An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855.Show less
CVE-2016-8415 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first req...Show more An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596.Show less
CVE-2016-8412 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...Show more An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891.Show less
CVE-2016-8399 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it...Show more An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.Show less
CVE-2016-8394 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it fi...Show more An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197.Show less
CVE-2016-8393 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it fi...Show more An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920.Show less
CVE-2016-8392 1Linux 1Linux Kernel May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first req...Show more An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136.Show less

Previous 1...222223224...254 Next