Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-26 | CVE-2014-2048 | Improper Access Control vulnerability in Owncloud The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | 9.8 |
| 2018-03-19 | CVE-2014-2884 | Improper Access Control vulnerability in Truecrypt Project Truecrypt 7.1 The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. | 3.3 |
| 2018-03-19 | CVE-2015-5350 | Improper Access Control vulnerability in Cloudfoundry Garden 0.22.0/0.329.0 In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. | 7.5 |
| 2018-02-15 | CVE-2016-8529 | Improper Access Control vulnerability in HP Lefthand 12.5 A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. | 7.6 |
| 2018-02-06 | CVE-2014-5279 | Improper Access Control vulnerability in Boot2Docker The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers. | 8.8 |
| 2018-02-02 | CVE-2016-0342 | Improper Access Control vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. | 5.4 |
| 2018-02-01 | CVE-2014-9504 | Improper Access Control vulnerability in Open Atrium Project Open Atrium The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance. | 7.5 |
| 2018-02-01 | CVE-2014-3519 | Improper Access Control vulnerability in Openvz Vzkernel 2.6.32 The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. | 6.5 |
| 2018-01-30 | CVE-2016-6598 | Improper Access Control vulnerability in BMC Track-It! 11.3/11.3.0.355/11.4 BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. | 9.8 |
| 2018-01-12 | CVE-2015-3888 | Improper Access Control vulnerability in Jolla Sailfish OS Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. | 7.5 |