Vulnerabilities > Permissions, Privileges, and Access Controls

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-02-05 | CVE-2015-1416 | Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.0/10.1/10.2 | Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. | local | low complexity | freebsd | CWE-264 | 7.8 |
| 2018-02-01 | CVE-2014-9503 | Permissions, Privileges, and Access Controls vulnerability in Open Atrium Project Open Atrium | The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks. | network | low complexity | open-atrium-project | CWE-264 | 6.5 |
| 2018-02-01 | CVE-2014-3752 | Permissions, Privileges, and Access Controls vulnerability in Gdata-Software Totalprotection 24.0.2.1 | The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call. | local | low complexity | gdata-software | CWE-264 | 6.7 |
| 2018-01-19 | CVE-2014-4919 | Permissions, Privileges, and Access Controls vulnerability in Oxid-Esales Eshop | OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups. | network | low complexity | oxid-esales | CWE-264 | 5.4 |
| 2018-01-12 | CVE-2016-0327 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Identity Manager Virtual Appliance | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. | local | low complexity | ibm | CWE-264 | 7.8 |
| 2018-01-11 | CVE-2014-5070 | Permissions, Privileges, and Access Controls vulnerability in Microsemi S350I Firmware 2.70.15 | Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | network | low complexity | microsemi | CWE-264 | 8.8 |
| 2018-01-11 | CVE-2014-0087 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms Management Engine | The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | network | low complexity | redhat | CWE-264 | 8.8 |
| 2018-01-08 | CVE-2014-2071 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass | Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | | high complexity | arubanetworks | CWE-264 | 7.1 |
| 2018-01-05 | CVE-2014-8540 | Permissions, Privileges, and Access Controls vulnerability in Gitlab | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | network | low complexity | gitlab | CWE-264 | 6.5 |
| 2018-01-04 | CVE-2014-7862 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Desktop Central | The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | network | low complexity | zohocorp | CWE-264 | critical 9.8 |