Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2016-8589 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 8.8 |
| 2017-04-28 | CVE-2016-8586 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 8.8 |
| 2017-04-28 | CVE-2016-8585 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | 8.8 |
| 2017-04-24 | CVE-2016-6903 | Permissions, Privileges, and Access Controls vulnerability in Lshell Project Lshell 0.9.16 lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.9 |
| 2017-04-24 | CVE-2016-6902 | Permissions, Privileges, and Access Controls vulnerability in Lshell Project Lshell 0.9.16 lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.9 |
| 2017-04-24 | CVE-2016-3114 | Permissions, Privileges, and Access Controls vulnerability in Kallithea 0.3.1 Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access. | 6.5 |
| 2017-04-24 | CVE-2015-8110 | Permissions, Privileges, and Access Controls vulnerability in Lenovo System Update 5.07.0013 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | 7.8 |
| 2017-04-21 | CVE-2016-3067 | Permissions, Privileges, and Access Controls vulnerability in Cygwin Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. | 9.8 |
| 2017-04-18 | CVE-2016-10345 | Permissions, Privileges, and Access Controls vulnerability in Phusion Passenger In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | 7.8 |
| 2017-04-17 | CVE-2016-6727 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. | 9.8 |