Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2016-3839 | Improper Access Control vulnerability in Google Android Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210. | 5.5 |
| 2016-08-05 | CVE-2016-3838 | Improper Access Control vulnerability in Google Android 6.0/6.0.1 Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672. | 5.5 |
| 2016-08-05 | CVE-2014-9901 | Improper Access Control vulnerability in Google Android The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | 7.5 |
| 2016-08-05 | CVE-2016-6150 | Improper Access Control vulnerability in SAP Hana The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | 9.8 |
| 2016-08-05 | CVE-2016-6144 | Improper Access Control vulnerability in SAP Hana 1.0/1.00 The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | 8.1 |
| 2016-08-05 | CVE-2016-6140 | Improper Access Control vulnerability in SAP Trex 7.10 SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | 9.8 |
| 2016-08-02 | CVE-2016-6258 | Improper Access Control vulnerability in multiple products The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | 8.8 |
| 2016-08-02 | CVE-2016-5229 | Improper Access Control vulnerability in Atlassian Bamboo Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | 9.8 |
| 2016-08-01 | CVE-2016-4373 | Improper Access Control vulnerability in HP Operations Manager 9.20.0/9.21/9.21.120 The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2016-08-01 | CVE-2016-1608 | Improper Access Control vulnerability in Novell Filr 1.2/2.0 vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. | 8.8 |