Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2017-10-30 CVE-2014-3624 Improper Access Control vulnerability in Apache Traffic Server 5.1.0
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
network
low complexity
apache CWE-284
critical
9.8
2017-10-30 CVE-2013-4246 Improper Access Control vulnerability in Apache Subversion 1.8.0/1.8.1
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.
network
low complexity
apache CWE-284
8.8
2017-10-23 CVE-2010-2232 Improper Access Control vulnerability in Apache Derby
In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.
network
low complexity
apache CWE-284
7.5
2017-10-19 CVE-2012-4380 Improper Access Control vulnerability in Mediawiki
MediaWiki before 1.18.5, and 1.19.x before 1.19.2, allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
network
low complexity
mediawiki CWE-284
7.5
2017-10-19 CVE-2012-4379 Improper Access Control vulnerability in Mediawiki
MediaWiki before 1.18.5, and 1.19.x before 1.19.2, does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.
network
low complexity
mediawiki CWE-284
6.5
2017-10-18 CVE-2016-5714 Improper Access Control vulnerability in Puppet Agent and Puppet Enterprise
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
network
low complexity
puppet CWE-284
7.2
2017-10-17 CVE-2014-2277 Improper Access Control vulnerability in Perltidy Project Perltidy
The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.
local
low complexity
perltidy-project CWE-284
7.1
2017-10-17 CVE-2014-9489 Improper Access Control vulnerability in Gollum Project Gollum
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1, when the string "master" is in any of the wiki documents, allow remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.
network
low complexity
gollum-project CWE-284
8.8
2017-10-16 CVE-2014-9148 Improper Access Control vulnerability in Fiyo CMS
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
network
low complexity
fiyo CWE-284
critical
9.8
2017-10-10 CVE-2016-10514 Improper Access Control vulnerability in Piwigo
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
network
low complexity
piwigo CWE-284
6.5