Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-30 | CVE-2016-2820 | Improper Access Control vulnerability in Mozilla Firefox: The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | 4.3 |
2016-04-30 | CVE-2016-2816 | Improper Access Control vulnerability in Mozilla Firefox: Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | 6.5 |
2016-04-30 | CVE-2016-1200 | Improper Access Control vulnerability in Lockon Ec-Cube 3.0.7/3.0.8/3.0.9: The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | 6.3 |
2016-04-27 | CVE-2015-8845 | Improper Access Control vulnerability in multiple products: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | 5.5 |
2016-04-25 | CVE-2016-4081 | Improper Access Control vulnerability in Wireshark: epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 5.9 |
2016-04-25 | CVE-2016-4076 | Improper Access Control vulnerability in Wireshark 2.0.0/2.0.1/2.0.2: epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.9 |
2016-04-22 | CVE-2016-4064 | Improper Access Control vulnerability in Foxitsoftware Foxit Reader and Phantompdf: Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. | 7.8 |
2016-04-22 | CVE-2016-2354 | Improper Access Control vulnerability in Lemurmonitors Bluedriver 6.3.2: The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. | 8.8 |
2016-04-18 | CVE-2016-1658 | Improper Access Control vulnerability in multiple products: The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | 4.3 |
2016-04-18 | CVE-2016-1656 | Improper Access Control vulnerability in multiple products: The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | 7.5 |