Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2017-10-03 CVE-2015-3321 Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
local
low complexity
lenovo CWE-264
6.7
2017-09-28 CVE-2015-3643 Permissions, Privileges, and Access Controls vulnerability in Usb-Creator Project Usb-Creator
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
local
low complexity
usb-creator-project CWE-264
7.8
2017-09-26 CVE-2014-8156 Permissions, Privileges, and Access Controls vulnerability in multiple products
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.
7.8
2017-09-25 CVE-2016-5868 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.
local
high complexity
google CWE-264
7.0
2017-09-25 CVE-2015-7317 Permissions, Privileges, and Access Controls vulnerability in multiple products
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
network
high complexity
kupu-project plone CWE-264
6.8
2017-09-20 CVE-2015-0162 Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
local
high complexity
ibm CWE-264
7.0
2017-09-19 CVE-2015-4685 Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
local
high complexity
polycom CWE-264
7.0
2017-09-19 CVE-2015-4683 Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
network
low complexity
polycom CWE-264
critical
9.8
2017-09-19 CVE-2014-9610 Permissions, Privileges, and Access Controls vulnerability in Netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
network
low complexity
netsweeper CWE-264
5.3
2017-09-11 CVE-2015-4523 Permissions, Privileges, and Access Controls vulnerability in Symantec Malware Analysis Appliance and Malware Analyzer G2
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
local
low complexity
symantec CWE-264
critical
9.3