Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-01 | CVE-2014-3752 | Permissions, Privileges, and Access Controls vulnerability in Gdata-Software Totalprotection 24.0.2.1: The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call. | 6.7 |
2018-01-19 | CVE-2014-4919 | Permissions, Privileges, and Access Controls vulnerability in Oxid-Esales Eshop: OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups. | 5.4 |
2018-01-12 | CVE-2016-0327 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Identity Manager Virtual Appliance: IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. | 7.8 |
2018-01-11 | CVE-2014-5070 | Permissions, Privileges, and Access Controls vulnerability in Microsemi S350I Firmware 2.70.15: Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | 8.8 |
2018-01-11 | CVE-2014-0087 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms Management Engine: The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | 8.8 |
2018-01-08 | CVE-2014-2071 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass: Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | 7.1 |
2018-01-05 | CVE-2014-8540 | Permissions, Privileges, and Access Controls vulnerability in Gitlab: The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | 6.5 |
2018-01-04 | CVE-2014-7862 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Desktop Central: The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | 9.8 |
2017-11-24 | CVE-2016-10700 | Permissions, Privileges, and Access Controls vulnerability in Cacti: auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. | 8.8 |
2017-11-20 | CVE-2016-6804 | Permissions, Privileges, and Access Controls vulnerability in Apache Openoffice: The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. | 7.8 |