Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-13 | CVE-2016-3245 | Improper Access Control vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability." | 6.5 |
| 2016-07-13 | CVE-2016-3244 | Improper Access Control vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass." | 4.3 |
| 2016-07-11 | CVE-2016-3818 | Improper Access Control vulnerability in Google Android libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702. | 5.5 |
| 2016-07-11 | CVE-2014-9798 | Improper Access Control vulnerability in Google Android platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965. | 5.5 |
| 2016-07-08 | CVE-2016-0315 | Improper Access Control vulnerability in IBM Jazz Reporting Service The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. | 8.8 |
| 2016-07-06 | CVE-2016-4979 | Improper Access Control vulnerability in Apache Http Server 2.4.18/2.4.19/2.4.20 The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. | 7.5 |
| 2016-07-06 | CVE-2016-0906 | Improper Access Control vulnerability in EMC Avamar The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation. | 8.8 |
| 2016-07-02 | CVE-2016-0391 | Improper Access Control vulnerability in IBM Watson Developer Cloud The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 9.8 |
| 2016-06-30 | CVE-2015-8801 | Improper Access Control vulnerability in Symantec Endpoint Protection Manager 12.1.6 Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. | 2.9 |
| 2016-06-30 | CVE-2016-0349 | Improper Access Control vulnerability in IBM Business Process Manager 8.5.6.0/8.5.7.0 IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. | 6.5 |