Vulnerabilities > Improper Access Control

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2016-06-26 | CVE-2016-0278 | Improper Access Control vulnerability in IBM Domino | Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. | local | low | ibm | CWE-284 | 7.8 |
| 2016-06-26 | CVE-2016-0277 | Improper Access Control vulnerability in IBM Domino | Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301. | local | low | ibm | CWE-284 | 7.8 |
| 2016-06-26 | CVE-2015-7473 | Improper Access Control vulnerability in IBM Websphere MQ | runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | local | high | ibm | CWE-284 | 2.5 |
| 2016-06-25 | CVE-2016-1190 | Improper Access Control vulnerability in Cybozu Garoon | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | network | low | cybozu | CWE-284 | 6.5 |
| 2016-06-23 | CVE-2016-0914 | Improper Access Control vulnerability in EMC products | EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | network | low | emc | CWE-284 | 6.3 |
| 2016-06-19 | CVE-2016-4811 | Improper Access Control vulnerability in Ntt-Bp Japan Connected-Free Wi-Fi 1.13.0/1.15.1 | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. | network | high | ntt-bp | CWE-284 | 5.6 |
| 2016-06-19 | CVE-2016-0392 | Improper Access Control vulnerability in IBM products | IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. | local | low | ibm | CWE-284 | 8.4 |
| 2016-06-19 | CVE-2016-4813 | Improper Access Control vulnerability in Netcommons 2.4.2.1 | NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. | network | low | netcommons | CWE-284 | 8.8 |
| 2016-06-16 | CVE-2016-3226 | Improper Access Control vulnerability in Microsoft Windows Server 2008 and Windows Server 2012 | Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability." | network | low | microsoft | CWE-284 | 6.5 |
| 2016-06-14 | CVE-2016-5366 | Improper Access Control vulnerability in Huawei Honor Ws851 Firmware 1.1.21.1 | Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | network | low | huawei | CWE-284 | 7.5 |