Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-18 | CVE-2016-5192 | Improper Access Control vulnerability in Google Chrome: Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | 6.5 |
2016-12-18 | CVE-2016-5189 | Improper Access Control vulnerability in Google Chrome: Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 6.5 |
2016-12-17 | CVE-2016-9951 | Improper Access Control vulnerability in Apport Project Apport: An issue was discovered in Apport before 2.20.4. | 6.5 |
2016-12-16 | CVE-2016-8824 | Improper Access Control vulnerability in Nvidia GPU Driver: All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges. | 7.8 |
2016-12-16 | CVE-2016-8821 | Improper Access Control vulnerability in Nvidia GPU Driver: All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges. | 7.8 |
2016-12-16 | CVE-2016-9838 | Improper Access Control vulnerability in Joomla Joomla!: An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. | 7.5 |
2016-12-15 | CVE-2016-9565 | Improper Access Control vulnerability in Nagios: MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. | 9.8 |
2016-12-14 | CVE-2016-1000156 | Improper Access Control vulnerability in Mailcwp Project Mailcwp: Mailcwp remote file upload vulnerability incomplete fix v1.100 | 9.8 |
2016-12-13 | CVE-2016-7952 | Improper Access Control vulnerability in multiple products: X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | 7.5 |
2016-12-13 | CVE-2016-7946 | Improper Access Control vulnerability in multiple products: X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. | 7.5 |