Vulnerabilities > Permissions, Privileges, and Access Controls

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2018-02-01 | CVE-2014-3752 | Permissions, Privileges, and Access Controls vulnerability in Gdata-Software Totalprotection 24.0.2.1 | The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call. | local | low complexity | gdata-software | CWE-264 | 6.7 |
| 2018-01-19 | CVE-2014-4919 | Permissions, Privileges, and Access Controls vulnerability in Oxid-Esales Eshop | OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups. | network | low complexity | oxid-esales | CWE-264 | 5.4 |
| 2018-01-12 | CVE-2016-0327 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Identity Manager Virtual Appliance | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. | local | low complexity | ibm | CWE-264 | 7.8 |
| 2018-01-11 | CVE-2014-5070 | Permissions, Privileges, and Access Controls vulnerability in Microsemi S350I Firmware 2.70.15 | Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | network | low complexity | microsemi | CWE-264 | 8.8 |
| 2018-01-11 | CVE-2014-0087 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms Management Engine | The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | network | low complexity | redhat | CWE-264 | 8.8 |
| 2018-01-08 | CVE-2014-2071 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass | Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | | high complexity | arubanetworks | CWE-264 | 7.1 |
| 2018-01-05 | CVE-2014-8540 | Permissions, Privileges, and Access Controls vulnerability in Gitlab | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | network | low complexity | gitlab | CWE-264 | 6.5 |
| 2018-01-04 | CVE-2014-7862 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Desktop Central | The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | network | low complexity | zohocorp | CWE-264 | critical 9.8 |
| 2017-11-24 | CVE-2016-10700 | Permissions, Privileges, and Access Controls vulnerability in Cacti | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. | network | low complexity | cacti | CWE-264 | 8.8 |
| 2017-11-20 | CVE-2016-6804 | Permissions, Privileges, and Access Controls vulnerability in Apache Openoffice | The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. | local | low complexity | apache | CWE-264 | 7.8 |