Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-18 | CVE-2016-10345 | Permissions, Privileges, and Access Controls vulnerability in Phusion Passenger In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | 7.8 |
| 2017-04-17 | CVE-2016-6727 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. | 9.8 |
| 2017-04-14 | CVE-2016-6299 | Permissions, Privileges, and Access Controls vulnerability in multiple products The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | 7.8 |
| 2017-04-14 | CVE-2016-4889 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Servicedesk Plus ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. | 8.8 |
| 2017-04-14 | CVE-2016-4455 | Permissions, Privileges, and Access Controls vulnerability in Redhat products The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | 3.3 |
| 2017-04-14 | CVE-2016-0727 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.04/14.04/16.04 The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. | 7.8 |
| 2017-04-13 | CVE-2014-7921 | Permissions, Privileges, and Access Controls vulnerability in Google Android mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. | 9.8 |
| 2017-04-13 | CVE-2014-7920 | Permissions, Privileges, and Access Controls vulnerability in Google Android mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. | 9.8 |
| 2017-04-13 | CVE-2016-10123 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | 7.8 |
| 2017-04-13 | CVE-2016-10122 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail Firejail does not properly clean environment variables, which allows local users to gain privileges. | 7.8 |