Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-10-10 | CVE-2016-6690 | Improper Access Control vulnerability in Google Android | The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221. | 5.5 |
2016-10-10 | CVE-2016-3925 | Improper Access Control vulnerability in Google Android 6.0/6.0.1/7.0 | server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534. | 5.5 |
2016-10-10 | CVE-2016-3923 | Improper Access Control vulnerability in Google Android | The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | 5.5 |
2016-10-10 | CVE-2016-3882 | Improper Access Control vulnerability in Google Android 6.0/6.0.1/7.0 | Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811. | 6.5 |
2016-10-07 | CVE-2016-7040 | Improper Access Control vulnerability in Redhat Cloudforms Management Engine 4.1 | Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. | 8.8 |
2016-10-07 | CVE-2016-6323 | Improper Access Control vulnerability in multiple products | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | 7.5 |
2016-10-06 | CVE-2015-1000010 | Improper Access Control vulnerability in Simple-Image-Manipulator Project Simple-Image-Manipulator 1.0 | Remote file download in simple-image-manipulator v1.0 wordpress plugin | 7.5 |
2016-10-06 | CVE-2015-1000009 | Improper Access Control vulnerability in Google-Adsense-And-Hotel-Booking Project Google-Adsense-And-Hotel-Booking 1.05 | Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | 9.1 |
2016-10-05 | CVE-2016-5745 | Improper Access Control vulnerability in F5 Big-Ip Local Traffic Manager | F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. | 9.8 |
2016-10-05 | CVE-2016-4551 | Improper Access Control vulnerability in SAP Netweaver, SAP ABA and SAP Basis | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | 7.5 |