Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-13 | CVE-2016-3635 | Improper Access Control vulnerability in SAP NetWeaver 7.40. SAP NetWeaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | 7.5 |
2016-10-13 | CVE-2016-8565 | Improper Access Control vulnerability in Siemens Automation License Manager 5.3. Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | 9.1 |
2016-10-10 | CVE-2016-6690 | Improper Access Control vulnerability in Google Android. The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221. | 5.5 |
2016-10-10 | CVE-2016-3925 | Improper Access Control vulnerability in Google Android 6.0/6.0.1/7.0. server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534. | 5.5 |
2016-10-10 | CVE-2016-3923 | Improper Access Control vulnerability in Google Android. The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | 5.5 |
2016-10-10 | CVE-2016-3882 | Improper Access Control vulnerability in Google Android 6.0/6.0.1/7.0. Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811. | 6.5 |
2016-10-07 | CVE-2016-7040 | Improper Access Control vulnerability in Red Hat CloudForms Management Engine 4.1. Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. | 8.8 |
2016-10-07 | CVE-2016-6323 | Improper Access Control vulnerability in multiple products. The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | 7.5 |
2016-10-06 | CVE-2015-1000010 | Improper Access Control vulnerability in Simple-Image-Manipulator Project Simple-Image-Manipulator 1.0. Remote file download in simple-image-manipulator v1.0 WordPress plugin. | 7.5 |
2016-10-06 | CVE-2015-1000009 | Improper Access Control vulnerability in Google-Adsense-And-Hotel-Booking Project Google-Adsense-And-Hotel-Booking 1.05. Open proxy in WordPress plugin google-adsense-and-hotel-booking v1.05. | 9.1 |