Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-13 | CVE-2016-5302 | Improper Access Control vulnerability in Citrix Xenserver Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | 9.8 |
| 2016-06-13 | CVE-2016-5104 | Improper Access Control vulnerability in multiple products The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. | 5.3 |
| 2016-06-13 | CVE-2016-4911 | Improper Access Control vulnerability in Keystone Openstack Identity 9.0.0.0 The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token. | 4.3 |
| 2016-06-13 | CVE-2016-1543 | Improper Access Control vulnerability in BMC Bladelogic Server Automation Console The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure. | 7.5 |
| 2016-06-13 | CVE-2016-2831 | Improper Access Control vulnerability in multiple products Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. | 8.8 |
| 2016-06-13 | CVE-2016-2829 | Improper Access Control vulnerability in multiple products Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | 6.5 |
| 2016-06-13 | CVE-2016-2825 | Improper Access Control vulnerability in multiple products Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | 6.5 |
| 2016-06-13 | CVE-2016-2822 | Improper Access Control vulnerability in multiple products Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | 6.5 |
| 2016-06-10 | CVE-2016-2785 | Improper Access Control vulnerability in Puppet Puppet, Puppet Agent and Puppet Server Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. | 9.8 |
| 2016-06-10 | CVE-2016-4524 | Improper Access Control vulnerability in ABB Pcm600 2.6 ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | 6.5 |