Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2016-11-10 CVE-2016-7237 Improper Access Control vulnerability in Microsoft products
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
network
low complexity
microsoft CWE-284
6.5
2016-11-10 CVE-2016-7226 Improper Access Control vulnerability in Microsoft Windows 10 and Windows Server 2016
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7225 Improper Access Control vulnerability in Microsoft Windows 10 and Windows Server 2016
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7224 Improper Access Control vulnerability in Microsoft products
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7223 Improper Access Control vulnerability in Microsoft products
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7212 Improper Access Control vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-284
7.8
2016-11-07 CVE-2016-9111 Improper Access Control vulnerability in Citrix Receiver Desktop 4.5
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable.
low complexity
citrix CWE-284
6.8
2016-11-04 CVE-2016-9190 Improper Access Control vulnerability in multiple products
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
local
low complexity
python debian CWE-284
7.8
2016-11-04 CVE-2016-9182 Improper Access Control vulnerability in Exponentcms Exponent CMS 2.4.0
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission.
network
low complexity
exponentcms CWE-284
7.5
2016-10-29 CVE-2016-3060 Improper Access Control vulnerability in IBM Financial Transaction Manager
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
network
low complexity
ibm CWE-284
5.7