CWE-284

5,077 CVEs • Abstraction: Pillar

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.


CVEs (5,077)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Oracle
Products (1): Flexcube Private Banking
May 6, 2026
Oct 25, 2016
N/A· v4
4.2 MEDIUM· v3
4.9 MEDIUM· v2
Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
Vendors (1): Oracle
Products (1): Sun Zfs Storage Appliance Kit
May 6, 2026
Oct 25, 2016
N/A· v4
7.1 HIGH· v3
3.6 LOW· v2
Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users.
Vendors (1): Oracle
Products (1): Commerce Service Center
May 6, 2026
Oct 25, 2016
N/A· v4
8.2 HIGH· v3
5.8 MEDIUM· v2
Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors.
Vendors (1): Oracle
Products (1): Commerce Guided Search
May 6, 2026
Oct 25, 2016
N/A· v4
8.2 HIGH· v3
5.8 MEDIUM· v2
Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.
Vendors (1): Python
Products (1): Tgcaptcha2
May 6, 2026
Oct 25, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.
Vendors (1): Apache
Products (1): Commons Fileupload
May 6, 2026
Oct 25, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Vendors (1): Ibm
Products (1): Security Guardium Database Activity Monitor
May 6, 2026
Oct 22, 2016
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.
Vendors (1): Microsoft
Products (1): Edge
May 6, 2026
Oct 14, 2016
N/A· v4
5.3 MEDIUM· v3
2.6 LOW· v2
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Vendors (1): Microsoft
Products (5): Windows 10, Windows 7, Windows 8.1, +2 more
May 6, 2026
Oct 14, 2016
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."
Vendors (1): Adobe
Products (4): Acrobat, Acrobat Dc, Acrobat Reader Dc, +1 more
May 6, 2026
Oct 13, 2016
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass intended access restrictions via unspecified vectors.
Vendors (2): Adobe, Redhat
Products (5): Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, +2 more
May 6, 2026
Oct 13, 2016
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.
Vendors (1): Sap
Products (1): Sapcryptolib
May 6, 2026
Oct 13, 2016
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
Vendors (1): Sap
Products (1): Netweaver
May 6, 2026
Oct 13, 2016
N/A· v4
7.5 HIGH· v3
6.0 MEDIUM· v2
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
Vendors (1): Siemens
Products (1): Automation License Manager
May 6, 2026
Oct 13, 2016
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
Vendors (1): Google
Products (1): Android
May 6, 2026
Oct 10, 2016
N/A· v4
5.5 MEDIUM· v3
7.1 HIGH· v2
The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221.
Vendors (1): Google
Products (1): Android
May 6, 2026
Oct 10, 2016
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534.
Vendors (1): Google
Products (1): Android
May 6, 2026
Oct 10, 2016
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115.
Vendors (1): Google
Products (1): Android
May 6, 2026
Oct 10, 2016
N/A· v4
6.5 MEDIUM· v3
6.1 MEDIUM· v2
Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811.
Vendors (1): Redhat
Products (1): Cloudforms Management Engine
May 6, 2026
Oct 7, 2016
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
Vendors (3): Fedoraproject, Gnu, Opensuse
Products (3): Fedora, Glibc, Opensuse
May 6, 2026
Oct 7, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.