Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-25 | CVE-2016-2929 | Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | 8.1 |
| 2016-11-25 | CVE-2016-0319 | Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1 The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |
| 2016-11-25 | CVE-2016-0318 | Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1 Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. | 5.0 |
| 2016-11-25 | CVE-2016-0317 | Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1 Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.5 |
| 2016-11-25 | CVE-2016-6747 | Improper Access Control vulnerability in Google Android A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. | 5.5 |
| 2016-11-25 | CVE-2016-6725 | Improper Access Control vulnerability in Google Android A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. | 9.8 |
| 2016-11-25 | CVE-2016-6724 | Improper Access Control vulnerability in Google Android A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. | 5.5 |
| 2016-11-25 | CVE-2016-6723 | Improper Access Control vulnerability in Google Android A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. | 4.7 |
| 2016-11-25 | CVE-2016-6716 | Improper Access Control vulnerability in Google Android An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. | 5.5 |
| 2016-11-25 | CVE-2016-6714 | Improper Access Control vulnerability in Google Android 6.0/6.0.1/7.0 A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. | 5.5 |