Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2017-05-22 CVE-2016-6112 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application.
network
low complexity
ibm CWE-264
8.8
2017-05-16 CVE-2016-10372 Permissions, Privileges, and Access Controls vulnerability in EIR D1000 Modem Firmware
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.
network
low complexity
eir CWE-264
critical
9.8
2017-05-16 CVE-2016-10238 Permissions, Privileges, and Access Controls vulnerability in Google Android
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.
local
low complexity
google CWE-264
7.8
2017-05-15 CVE-2016-5979 Permissions, Privileges, and Access Controls vulnerability in IBM Distributed Marketing
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user.
network
low complexity
ibm CWE-264
2.7
2017-05-12 CVE-2016-10291 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.10
An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux CWE-264
7.0
2017-05-12 CVE-2016-10290 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux CWE-264
7.0
2017-05-12 CVE-2016-10289 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux CWE-264
7.0
2017-05-12 CVE-2016-10288 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.18
An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux CWE-264
7.0
2017-05-12 CVE-2016-10287 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux CWE-264
7.0
2017-05-12 CVE-2016-10286 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.18
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux CWE-264
7.0