Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2016-06-13 CVE-2016-2831 Improper Access Control vulnerability in multiple products
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
Attack vector: network, low complexity | Vendors: canonical, mozilla, debian, opensuse | CWE-284 | Risk: 8.8
2016-06-13 CVE-2016-2829 Improper Access Control vulnerability in multiple products
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
Attack vector: network, low complexity | Vendors: canonical, mozilla, opensuse | CWE-284 | Risk: 6.5
2016-06-13 CVE-2016-2825 Improper Access Control vulnerability in multiple products
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
Attack vector: network, low complexity | Vendors: canonical, opensuse, mozilla | CWE-284 | Risk: 6.5
2016-06-13 CVE-2016-2822 Improper Access Control vulnerability in multiple products
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Attack vector: network, low complexity | Vendors: debian, mozilla, canonical, opensuse | CWE-284 | Risk: 6.5
2016-06-10 CVE-2016-2785 Improper Access Control vulnerability in Puppet Puppet, Puppet Agent and Puppet Server
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Attack vector: network, low complexity | Vendors: puppet | CWE-284 | Risk: critical, 9.8
2016-06-10 CVE-2016-4524 Improper Access Control vulnerability in ABB Pcm600 2.6
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.
Attack vector: local, low complexity | Vendors: abb | CWE-284 | Risk: 6.5
2016-06-10 CVE-2016-4495 Improper Access Control vulnerability in KMC Controls Bac-5051E Firmware
KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.
Attack vector: network, low complexity | Vendors: kmc-controls | CWE-284 | Risk: 5.3
2016-06-09 CVE-2016-2150 Improper Access Control vulnerability in multiple products
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
Attack vector: local, low complexity | Vendors: redhat, opensuse, debian, spice-project | CWE-284 | Risk: 7.1
2016-06-09 CVE-2016-1581 Improper Access Control vulnerability in Canonical LXD and Ubuntu Linux
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
Attack vector: local, low complexity | Vendors: canonical | CWE-284 | Risk: 5.5
2016-06-08 CVE-2016-3708 Improper Access Control vulnerability in Redhat Openshift 3.2
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
Attack vector: network, low complexity | Vendors: redhat | CWE-284 | Risk: 7.1