Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2016-6299 Permissions, Privileges, and Access Controls vulnerability in multiple products
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
local
low complexity
fedoraproject mock-project CWE-264
7.8
2017-04-14 CVE-2016-4889 Permissions, Privileges, and Access Controls vulnerability in Zohocorp Servicedesk Plus
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
network
low complexity
zohocorp CWE-264
8.8
2017-04-14 CVE-2016-4455 Permissions, Privileges, and Access Controls vulnerability in Redhat products
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
local
low complexity
redhat CWE-264
3.3
2017-04-14 CVE-2016-0727 Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.04/14.04/16.04
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.
local
low complexity
canonical CWE-264
7.8
2017-04-13 CVE-2014-7921 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges.
network
low complexity
google CWE-264
critical
9.8
2017-04-13 CVE-2014-7920 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges.
network
low complexity
google CWE-264
critical
9.8
2017-04-13 CVE-2016-10123 Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.
local
low complexity
firejail-project CWE-264
7.8
2017-04-13 CVE-2016-10122 Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail
Firejail does not properly clean environment variables, which allows local users to gain privileges.
local
low complexity
firejail-project CWE-264
7.8
2017-04-13 CVE-2016-10121 Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
local
low complexity
firejail-project CWE-264
7.8
2017-04-13 CVE-2016-10120 Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail
Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.
local
low complexity
firejail-project CWE-264
7.8