Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-05 | CVE-2016-1693 | Improper Access Control vulnerability in multiple products browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. | 5.3 |
| 2016-06-05 | CVE-2016-1692 | Improper Access Control vulnerability in multiple products WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 5.3 |
| 2016-06-05 | CVE-2016-1682 | Improper Access Control vulnerability in multiple products The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. | 6.1 |
| 2016-06-05 | CVE-2016-1676 | Improper Access Control vulnerability in multiple products extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 8.8 |
| 2016-06-05 | CVE-2016-1675 | Improper Access Control vulnerability in multiple products Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. | 8.8 |
| 2016-06-05 | CVE-2016-1672 | Improper Access Control vulnerability in multiple products The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. | 8.8 |
| 2016-06-01 | CVE-2016-4810 | Improper Access Control vulnerability in Citrix Xenapp and Xendesktop Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. | 7.5 |
| 2016-05-31 | CVE-2016-4502 | Improper Access Control vulnerability in Envirosys ESC 8832 Data Controller 3.02 Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | 7.5 |
| 2016-05-31 | CVE-2016-4501 | Improper Access Control vulnerability in Envirosys ESC 8832 Data Controller 3.02 Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. | 9.1 |
| 2016-05-30 | CVE-2016-1999 | Improper Access Control vulnerability in HP Release Control 9.13/9.20/9.21 The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |