Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-13 | CVE-2016-10121 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | 7.8 |
| 2017-04-13 | CVE-2016-10120 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | 7.8 |
| 2017-04-13 | CVE-2016-10119 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | 7.8 |
| 2017-04-13 | CVE-2016-10118 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | 3.3 |
| 2017-04-13 | CVE-2016-10117 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | 7.8 |
| 2017-04-12 | CVE-2016-5856 | Permissions, Privileges, and Access Controls vulnerability in multiple products Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. | 7.0 |
| 2017-04-12 | CVE-2016-4896 | Permissions, Privileges, and Access Controls vulnerability in Setucocms Project Setucocms SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors. | 6.5 |
| 2017-04-11 | CVE-2016-6811 | Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2017-04-10 | CVE-2016-8237 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | 8.1 |
| 2017-04-10 | CVE-2016-8235 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Customer Care Software Development KIT 2.0.16 Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | 7.8 |