Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2016-12-18 CVE-2016-5192 Improper Access Control vulnerability in Google Chrome
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
network
low complexity
google CWE-284
6.5
2016-12-18 CVE-2016-5189 Improper Access Control vulnerability in Google Chrome
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
network
low complexity
google CWE-284
6.5
2016-12-17 CVE-2016-9951 Improper Access Control vulnerability in Apport Project Apport
An issue was discovered in Apport before 2.20.4.
network
low complexity
apport-project CWE-284
6.5
2016-12-16 CVE-2016-8824 Improper Access Control vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges.
local
low complexity
nvidia CWE-284
7.8
2016-12-16 CVE-2016-8821 Improper Access Control vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.
local
low complexity
nvidia CWE-284
7.8
2016-12-16 CVE-2016-9838 Improper Access Control vulnerability in Joomla Joomla!
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5.
network
low complexity
joomla CWE-284
7.5
2016-12-15 CVE-2016-9565 Improper Access Control vulnerability in Nagios
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server.
network
low complexity
nagios CWE-284
critical
9.8
2016-12-14 CVE-2016-1000156 Improper Access Control vulnerability in Mailcwp Project Mailcwp
Mailcwp remote file upload vulnerability incomplete fix v1.100
network
low complexity
mailcwp-project CWE-284
critical
9.8
2016-12-13 CVE-2016-7952 Improper Access Control vulnerability in multiple products
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
network
low complexity
fedoraproject x-org CWE-284
7.5
2016-12-13 CVE-2016-7946 Improper Access Control vulnerability in multiple products
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
network
low complexity
x-org fedoraproject CWE-284
7.5