Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-12 | CVE-2016-1315 | Improper Access Control vulnerability in Cisco Email Security Appliance Firmware. The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. | 7.5 |
2016-02-08 | CVE-2016-2048 | Improper Access Control vulnerability in Djangoproject Django 1.9/1.9.1. Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. | 5.5 |
2016-02-08 | CVE-2015-8361 | Improper Access Control vulnerability in Atlassian Bamboo. Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | 9.1 |
2016-02-07 | CVE-2016-1302 | Improper Access Control vulnerability in multiple products. Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | 8.8 |
2016-02-07 | CVE-2016-1301 | Improper Access Control vulnerability in Cisco products. The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | 8.8 |
2016-02-03 | CVE-2016-1905 | Improper Access Control vulnerability in Kubernetes. The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | 7.7 |
2016-02-01 | CVE-2016-2049 | Improper Access Control vulnerability in Janrain PHP-Openid. examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header. | 8.8 |
2016-01-26 | CVE-2016-1492 | Improper Access Control vulnerability in Lenovo Shareit 3.0.18Ww. The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | 6.1 |
2016-01-23 | CVE-2015-6317 | Improper Access Control vulnerability in Cisco Identity Services Engine Software. Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | 6.5 |
2016-01-09 | CVE-2015-8512 | Improper Access Control vulnerability in Mozilla Firefox OS 2.2. The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | 4.6 |