Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-30 | CVE-2014-0073 | Permissions, Privileges, and Access Controls vulnerability in Apache Cordova and Cordova In-App-Browser The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI. | 9.8 |
2017-10-22 | CVE-2015-5699 | Permissions, Privileges, and Access Controls vulnerability in Cumulusnetworks Cumulus Linux 2.5.3 The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | 7.8 |
2017-10-16 | CVE-2015-4650 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Policy Manager Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. | 9.8 |
2017-10-16 | CVE-2015-3229 | Permissions, Privileges, and Access Controls vulnerability in Fedoraproject Spin-Kickstarts fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. | 5.9 |
2017-10-16 | CVE-2014-7851 | Permissions, Privileges, and Access Controls vulnerability in multiple products oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | 7.5 |
2017-10-10 | CVE-2015-5675 | Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.1/9.3 The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | 7.8 |
2017-10-06 | CVE-2015-2673 | Permissions, Privileges, and Access Controls vulnerability in Wpeasycart WP Easycart The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters. | 8.8 |
2017-10-06 | CVE-2015-0296 | Permissions, Privileges, and Access Controls vulnerability in TUG Texlive 3.1.20140525R34255.Fc21/6.20131226R32488.Fc20 The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | 4.7 |
2017-10-03 | CVE-2015-7359 | Permissions, Privileges, and Access Controls vulnerability in multiple products The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. | 7.8 |
2017-10-03 | CVE-2015-7358 | Permissions, Privileges, and Access Controls vulnerability in multiple products The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | 7.8 |