Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-09 | CVE-2015-4165 | Permissions, Privileges, and Access Controls vulnerability in Elasticsearch 1.5.2: The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. | 7.5 |
2017-08-07 | CVE-2015-5244 | Permissions, Privileges, and Access Controls vulnerability in MOD NSS Project MOD NSS: The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | 9.8 |
2017-08-07 | CVE-2015-8621 | Permissions, Privileges, and Access Controls vulnerability in Tcoffee T-Coffee 11.00.8Cbe4861: t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. | 5.5 |
2017-08-07 | CVE-2015-7875 | Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools: ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. | 7.5 |
2017-08-07 | CVE-2015-7561 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | 3.1 |
2017-08-07 | CVE-2015-1378 | Permissions, Privileges, and Access Controls vulnerability in Grml Grml-Debootstrap: cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. | 7.5 |
2017-08-07 | CVE-2014-9262 | Permissions, Privileges, and Access Controls vulnerability in Snapcreek Duplicator: The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | 8.2 |
2017-08-07 | CVE-2014-9260 | Permissions, Privileges, and Access Controls vulnerability in Downloadmanager Download Manager: The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | 8.8 |
2017-08-02 | CVE-2015-2560 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Desktop Central 9.0: Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | 9.8 |
2017-08-02 | CVE-2016-7845 | Permissions, Privileges, and Access Controls vulnerability in Gigaccsecure Gigacc Office 2.3: GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | 6.5 |