CWE-284
5,077 CVEs • Abstraction: Pillar
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVEs (5,077)
| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerabil... | | | | | |
| Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerabil... | | | | | |
| Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerabil... | | | | | |
| runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | | | | | |
| Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | | | | | |
| EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.... | Emc (1) | Documentum Administrator, Documentum Capital Projects, Documentum Taskspace, +1 more (4) | May 6, 2026 | Jun 23, 2016 | N/A (v4), 6.3 MEDIUM (v3), 6.5 MEDIUM (v2) |
| The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. | Ntt Bp (1) | Japan Connected Free Wi Fi (1) | May 6, 2026 | Jun 19, 2016 | N/A (v4), 5.6 MEDIUM (v3), 5.1 MEDIUM (v2) |
| IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows loc... | Ibm (1) | Elastic Storage Server, General Parallel File System Storage Server (2) | May 6, 2026 | Jun 19, 2016 | N/A (v4), 8.4 HIGH (v3), 4.6 MEDIUM (v2) |
| NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. | | | | | |
| Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory... | Microsoft (1) | Windows Server 2008, Windows Server 2012 (2) | May 6, 2026 | Jun 16, 2016 | N/A (v4), 6.5 MEDIUM (v3), 4.0 MEDIUM (v2) |
| Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | | | | | |
| libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of s... | Canonical, Debian, Libndp, +1 more (4) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node, +7 more (10) | May 6, 2026 | Jun 13, 2016 | N/A (v4), 8.1 HIGH (v3), 6.8 MEDIUM (v2) |
| modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. | Atheme, Opensuse (2) | Atheme, Leap, Opensuse (3) | May 6, 2026 | Jun 13, 2016 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Act... | | | | | |
| The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP so... | Canonical, Libimobiledevice, Opensuse (3) | Leap, Libimobiledevice, Libusbmuxd, +2 more (5) | May 6, 2026 | Jun 13, 2016 | N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2) |
| The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a t... | | | | | |
| The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sendin... | Bmc (1) | Bladelogic Server Automation Console (1) | May 6, 2026 | Jun 13, 2016 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduc... | Canonical, Debian, Mozilla, +1 more (4) | Debian Linux, Firefox, Leap, +2 more (5) | May 6, 2026 | Jun 13, 2016 | N/A (v4), 8.8 HIGH (v3), 5.8 MEDIUM (v2) |
| Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation perm... | Canonical, Mozilla, Opensuse (3) | Firefox, Leap, Opensuse, +1 more (4) | May 6, 2026 | Jun 13, 2016 | N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2) |
| Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | Canonical, Mozilla, Opensuse (3) | Firefox, Leap, Opensuse, +1 more (4) | May 6, 2026 | Jun 13, 2016 | N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2) |