Vulnerabilities > Permissions, Privileges, and Access Controls

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2015-12-28 | CVE-2015-8660 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel | The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | local | low complexity | linux | CWE-264 | 6.7 |
| 2015-12-24 | CVE-2015-8267 | Permissions, Privileges, and Access Controls vulnerability in Dovestones AD Self Password Reset 3.0.3.0 | The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. | network | low complexity | dovestones | CWE-264 | critical 10.0 |
| 2015-12-21 | CVE-2015-4545 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs | EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session. | network | low complexity | emc | CWE-264 | 8.0 |
| 2015-12-21 | CVE-2015-7919 | Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | network | low complexity | searchblox | CWE-264 | critical 10.0 |
| 2015-08-14 | CVE-2014-3576 | Permissions, Privileges, and Access Controls vulnerability in multiple products | The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. | network | low complexity | apache, oracle | CWE-264 | 7.5 |
| 2014-03-18 | CVE-2014-2532 | Permissions, Privileges, and Access Controls vulnerability in multiple products | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | network | high complexity | oracle, openbsd | CWE-264 | 4.9 |
| 2014-02-18 | CVE-2014-2019 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | | low complexity | apple | CWE-264 | 4.6 |