Vulnerabilities > Permissions, Privileges, and Access Controls

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-13 | CVE-2016-10119 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail | Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | local | low complexity | firejail-project | CWE-264 | 7.8 |
| 2017-04-13 | CVE-2016-10118 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail | Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | local | low complexity | firejail-project | CWE-264 | 3.3 |
| 2017-04-13 | CVE-2016-10117 | Permissions, Privileges, and Access Controls vulnerability in Firejail Project Firejail | Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | local | low complexity | firejail-project | CWE-264 | 7.8 |
| 2017-04-12 | CVE-2016-5856 | Permissions, Privileges, and Access Controls vulnerability in multiple products | Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. | local | high complexity | linux google | CWE-264 | 7.0 |
| 2017-04-12 | CVE-2016-4896 | Permissions, Privileges, and Access Controls vulnerability in Setucocms Project Setucocms | SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors. | network | low complexity | setucocms-project | CWE-264 | 6.5 |
| 2017-04-11 | CVE-2016-6811 | Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop | In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | network | low complexity | apache | CWE-264 | 8.8 |
| 2017-04-10 | CVE-2016-8237 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates | Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | network | high complexity | lenovo | CWE-264 | 8.1 |
| 2017-04-10 | CVE-2016-8235 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Customer Care Software Development KIT 2.0.16 | Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | local | low complexity | lenovo | CWE-264 | 7.8 |
| 2017-04-10 | CVE-2016-10323 | Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station | Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | local | low complexity | synology | CWE-264 | 7.8 |
| 2017-04-10 | CVE-2016-5071 | Permissions, Privileges, and Access Controls vulnerability in Sierrawireless Aleos Firmware 4.3.2 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | network | low complexity | sierrawireless | CWE-264 | 8.8 |