Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,077)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-1000010 1Simple Image Manipulator Project 1Simple Image Manipulator May 6, 2026 Oct 6, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Remote file download in simple-image-manipulator v1.0 wordpress plugin
CVE-2015-1000009 1Google Adsense And Hotel Booking Project 1Google Adsense And Hotel Booking May 6, 2026 Oct 6, 2016 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
CVE-2016-5745 1F5 1Big Ip Local Traffic Manager May 6, 2026 Oct 5, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before...Show more F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64.Show less
CVE-2016-4551 1Sap 3Netweaver Sap AbaSap Basis May 6, 2026 Oct 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, ak...Show more The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.Show less
CVE-2016-5983 1Ibm 1Websphere Application Server May 6, 2026 Oct 5, 2016 N/A· v4 7.5 HIGH· v3 6.5 MEDIUM· v2 IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a...Show more IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.Show less
CVE-2016-1372 2Canonical Clamav 2Clamav Ubuntu Linux May 6, 2026 Oct 3, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
CVE-2016-1371 2Canonical Clamav 2Clamav Ubuntu Linux May 6, 2026 Oct 3, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
CVE-2016-5700 1F5 8Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Application Acceleration Manager+5 more May 6, 2026 Oct 3, 2016 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit P...Show more Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.Show less
CVE-2016-5176 1Google 1Chrome May 6, 2026 Sep 29, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
CVE-2016-6826 1Huawei 1Anyoffice Secureapp May 6, 2026 Sep 26, 2016 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.
CVE-2016-8279 1Huawei 3Honor6 Firmware Mate S FirmwareP8 Firmware May 6, 2026 Sep 26, 2016 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with soft...Show more The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application.Show less
CVE-2016-5972 1Ibm 1Security Privileged Identity Manager Virtual Appliance May 6, 2026 Sep 26, 2016 N/A· v4 6.8 MEDIUM· v3 4.9 MEDIUM· v2 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify d...Show more IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.Show less
CVE-2016-5963 1Ibm 1Security Privileged Identity Manager Virtual Appliance May 6, 2026 Sep 26, 2016 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2016-5945 1Ibm 2Spectrum Control Tivoli Storage Productivity Center May 6, 2026 Sep 26, 2016 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request.
CVE-2016-5943 1Ibm 1Spectrum Control May 6, 2026 Sep 26, 2016 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified v...Show more IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors.Show less
CVE-2016-5173 1Google 1Chrome May 6, 2026 Sep 25, 2016 N/A· v4 7.1 HIGH· v3 6.8 MEDIUM· v2 The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaSc...Show more The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.Show less
CVE-2016-4760 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 25, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
CVE-2016-4694 1Apple 2Mac Os X Os X Server May 6, 2026 Sep 25, 2016 N/A· v4 9.1 CRITICAL· v3 7.5 HIGH· v2 The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY en...Show more The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.Show less
CVE-2016-5283 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color informa...Show more Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.Show less
CVE-2016-5273 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

Previous 1...232233234...254 Next