Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2016-4471 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
network
low complexity
redhat CWE-264
8.8
2017-06-07 CVE-2016-3051 Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager 9.0 Firmware
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server.
network
low complexity
ibm CWE-264
4.3
2017-06-04 CVE-2016-8228 Permissions, Privileges, and Access Controls vulnerability in Lenovo Service Bridge
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
local
low complexity
lenovo CWE-264
7.8
2017-05-25 CVE-2016-5007 Permissions, Privileges, and Access Controls vulnerability in multiple products
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively.
network
low complexity
pivotal-software vmware CWE-264
7.5
2017-05-25 CVE-2016-4435 Permissions, Privileges, and Access Controls vulnerability in Pivotal Bosh Stemcell 3146.13/3232.4
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM.
network
high complexity
pivotal CWE-264
critical
9.0
2017-05-25 CVE-2016-3084 Permissions, Privileges, and Access Controls vulnerability in multiple products
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time.
network
high complexity
pivotal-software cloudfoundry CWE-264
8.1
2017-05-23 CVE-2016-1876 Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
local
low complexity
lenovo CWE-264
7.8
2017-05-23 CVE-2015-8089 Permissions, Privileges, and Access Controls vulnerability in Huawei P7-L00 Firmware, P7-L05 Firmware and P7-L09 Firmware
The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.
local
low complexity
huawei CWE-264
7.8
2017-05-23 CVE-2015-5682 Permissions, Privileges, and Access Controls vulnerability in Powerplay Gallery Project Powerplay Gallery 3.3
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
network
low complexity
powerplay-gallery-project CWE-264
7.5
2017-05-23 CVE-2015-4045 Permissions, Privileges, and Access Controls vulnerability in Alienvault Open Source Security Information Management
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
local
low complexity
alienvault CWE-264
6.7