Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-01 | CVE-2016-3044 | Improper Access Control vulnerability in IBM Powerkvm The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | 6.5 |
| 2016-11-30 | CVE-2016-2887 | Improper Access Control vulnerability in IBM IMS Enterprise Suite IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 8.1 |
| 2016-11-30 | CVE-2016-2874 | Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 3.1 |
| 2016-11-30 | CVE-2016-8222 | Improper Access Control vulnerability in Lenovo products A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. | 4.4 |
| 2016-11-29 | CVE-2016-8223 | Improper Access Control vulnerability in Lenovo System Interface Foundation 1.0.66.0 During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges. | 7.8 |
| 2016-11-29 | CVE-2016-5393 | Improper Access Control vulnerability in Apache Hadoop In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | 8.8 |
| 2016-11-28 | CVE-2016-8645 | Improper Access Control vulnerability in Linux Kernel The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. | 5.5 |
| 2016-11-28 | CVE-2016-8633 | Improper Access Control vulnerability in Linux Kernel drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. | 6.8 |
| 2016-11-25 | CVE-2016-2929 | Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | 8.1 |
| 2016-11-25 | CVE-2016-0319 | Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1 The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |