Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2016-10-03 CVE-2016-1371 Improper Access Control vulnerability in multiple products
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
local
low complexity
canonical clamav CWE-284
5.5
2016-10-03 CVE-2016-5700 Improper Access Control vulnerability in F5 products
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.
network
low complexity
f5 CWE-284
critical
9.8
2016-09-29 CVE-2016-5176 Improper Access Control vulnerability in Google Chrome
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
network
low complexity
google CWE-284
6.5
2016-09-26 CVE-2016-6826 Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190
Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.
network
low complexity
huawei CWE-284
6.5
2016-09-26 CVE-2016-8279 Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware
The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application.
local
low complexity
huawei CWE-284
5.5
2016-09-26 CVE-2016-5972 Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-284
6.8
2016-09-26 CVE-2016-5963 Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
ibm CWE-284
8.8
2016-09-26 CVE-2016-5945 Improper Access Control vulnerability in IBM products
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request.
network
low complexity
ibm CWE-284
4.3
2016-09-26 CVE-2016-5943 Improper Access Control vulnerability in IBM Spectrum Control
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors.
network
low complexity
ibm CWE-284
5.4
2016-09-25 CVE-2016-5173 Improper Access Control vulnerability in Google Chrome
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
network
low complexity
google CWE-284
7.1