Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-21 | CVE-2016-2433 | Improper Access Control vulnerability in Google Android The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | 8.8 |
| 2017-04-21 | CVE-2016-1518 | Improper Access Control vulnerability in Grandstream Wave 1.0.1.26 The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. | 8.1 |
| 2017-04-20 | CVE-2016-3733 | Improper Access Control vulnerability in Moodle The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | 4.3 |
| 2017-04-20 | CVE-2016-3729 | Improper Access Control vulnerability in Moodle The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | 6.5 |
| 2017-04-20 | CVE-2016-4850 | Improper Access Control vulnerability in Linecorp Line 4.3.0.724/4.7.0/4.8.2.1125 LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | 8.1 |
| 2017-04-20 | CVE-2016-1220 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon before 4.2.2 does not properly restrict access. | 4.3 |
| 2017-04-20 | CVE-2016-6338 | Improper Access Control vulnerability in Redhat Enterprise Virtualization 4.0 ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | 6.8 |
| 2017-04-20 | CVE-2016-6337 | Improper Access Control vulnerability in Mediawiki 1.27.0 MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. | 7.5 |
| 2017-04-20 | CVE-2016-6336 | Improper Access Control vulnerability in Mediawiki MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. | 6.5 |
| 2017-04-20 | CVE-2016-6331 | Improper Access Control vulnerability in Mediawiki ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. | 7.5 |