Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-02 | CVE-2014-9717 | Improper Access Control vulnerability in Linux Kernel fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | 6.1 |
| 2016-05-02 | CVE-2012-6689 | Improper Access Control vulnerability in Linux Kernel The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. | 7.8 |
| 2016-04-30 | CVE-2016-2820 | Improper Access Control vulnerability in Mozilla Firefox The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | 4.3 |
| 2016-04-30 | CVE-2016-2816 | Improper Access Control vulnerability in Mozilla Firefox Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | 6.5 |
| 2016-04-30 | CVE-2016-1200 | Improper Access Control vulnerability in Lockon Ec-Cube 3.0.7/3.0.8/3.0.9 The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | 6.3 |
| 2016-04-27 | CVE-2015-8845 | Improper Access Control vulnerability in multiple products The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | 5.5 |
| 2016-04-25 | CVE-2016-4081 | Improper Access Control vulnerability in Wireshark epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 5.9 |
| 2016-04-25 | CVE-2016-4076 | Improper Access Control vulnerability in Wireshark 2.0.0/2.0.1/2.0.2 epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.9 |
| 2016-04-22 | CVE-2016-4064 | Improper Access Control vulnerability in Foxitsoftware Foxit Reader and Phantompdf Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. | 7.8 |
| 2016-04-22 | CVE-2016-2354 | Improper Access Control vulnerability in Lemurmonitors Bluedriver 6.3.2 The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. | 8.8 |