Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-10 | CVE-2016-9645 | Improper Access Control vulnerability in Ikiwiki The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. | 6.5 |
| 2018-04-10 | CVE-2014-1400 | Improper Access Control vulnerability in multiple products The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | 6.5 |
| 2018-04-10 | CVE-2014-1399 | Improper Access Control vulnerability in multiple products The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | 6.5 |
| 2018-04-10 | CVE-2014-1398 | Improper Access Control vulnerability in multiple products The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | 6.5 |
| 2018-04-03 | CVE-2016-8365 | Improper Access Control vulnerability in Osisoft products OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. | 5.5 |
| 2018-03-26 | CVE-2014-2048 | Improper Access Control vulnerability in Owncloud The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | 9.8 |
| 2018-03-19 | CVE-2014-2884 | Improper Access Control vulnerability in Truecrypt Project Truecrypt 7.1 The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. | 3.3 |
| 2018-03-19 | CVE-2015-5350 | Improper Access Control vulnerability in Cloudfoundry Garden 0.22.0/0.329.0 In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. | 7.5 |
| 2018-02-15 | CVE-2016-8529 | Improper Access Control vulnerability in HP Lefthand 12.5 A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. | 7.6 |
| 2018-02-06 | CVE-2014-5279 | Improper Access Control vulnerability in Boot2Docker The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers. | 8.8 |