Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-30 | CVE-2016-1200 | Improper Access Control vulnerability in Lockon Ec-Cube 3.0.7/3.0.8/3.0.9 The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | 6.3 |
| 2016-04-27 | CVE-2015-8845 | Improper Access Control vulnerability in multiple products The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | 5.5 |
| 2016-04-25 | CVE-2016-4081 | Improper Access Control vulnerability in Wireshark epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 5.9 |
| 2016-04-25 | CVE-2016-4076 | Improper Access Control vulnerability in Wireshark 2.0.0/2.0.1/2.0.2 epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.9 |
| 2016-04-22 | CVE-2016-4064 | Improper Access Control vulnerability in Foxitsoftware Foxit Reader and Phantompdf Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. | 7.8 |
| 2016-04-22 | CVE-2016-2354 | Improper Access Control vulnerability in Lemurmonitors Bluedriver 6.3.2 The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. | 8.8 |
| 2016-04-18 | CVE-2016-1658 | Improper Access Control vulnerability in multiple products The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | 4.3 |
| 2016-04-18 | CVE-2016-1656 | Improper Access Control vulnerability in multiple products The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | 7.5 |
| 2016-04-14 | CVE-2015-5247 | Improper Access Control vulnerability in multiple products The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | 6.5 |
| 2016-04-14 | CVE-2011-4600 | Improper Access Control vulnerability in multiple products The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. | 5.9 |