Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-03 | CVE-2016-1371 | Improper Access Control vulnerability in multiple products ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | 5.5 |
| 2016-10-03 | CVE-2016-5700 | Improper Access Control vulnerability in F5 products Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors. | 9.8 |
| 2016-09-29 | CVE-2016-5176 | Improper Access Control vulnerability in Google Chrome Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | 6.5 |
| 2016-09-26 | CVE-2016-6826 | Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190 Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | 6.5 |
| 2016-09-26 | CVE-2016-8279 | Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | 5.5 |
| 2016-09-26 | CVE-2016-5972 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 6.8 |
| 2016-09-26 | CVE-2016-5963 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 8.8 |
| 2016-09-26 | CVE-2016-5945 | Improper Access Control vulnerability in IBM products IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. | 4.3 |
| 2016-09-26 | CVE-2016-5943 | Improper Access Control vulnerability in IBM Spectrum Control IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors. | 5.4 |
| 2016-09-25 | CVE-2016-5173 | Improper Access Control vulnerability in Google Chrome The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. | 7.1 |