Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-25 | CVE-2016-1406 | Improper Access Control vulnerability in Cisco products The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. | 8.8 |
| 2016-05-22 | CVE-2016-2159 | Improper Access Control vulnerability in Moodle The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. | 4.3 |
| 2016-05-20 | CVE-2016-3728 | Improper Access Control vulnerability in Theforeman Foreman 1.10.3/1.11.0/1.11.1 Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. | 8.8 |
| 2016-05-20 | CVE-2016-2100 | Improper Access Control vulnerability in Theforeman Foreman Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. | 5.4 |
| 2016-05-20 | CVE-2016-1844 | Improper Access Control vulnerability in Apple mac OS X The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | 5.3 |
| 2016-05-20 | CVE-2016-1842 | Improper Access Control vulnerability in Apple Iphone OS MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | 7.5 |
| 2016-05-20 | CVE-2016-1806 | Improper Access Control vulnerability in Apple mac OS X Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 7.8 |
| 2016-05-20 | CVE-2016-1805 | Improper Access Control vulnerability in Apple mac OS X CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 7.8 |
| 2016-05-20 | CVE-2016-1797 | Improper Access Control vulnerability in Apple mac OS X Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. | 7.8 |
| 2016-05-18 | CVE-2016-0731 | Improper Access Control vulnerability in Apache Ambari The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | 4.9 |