Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2016-8960 | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. | 8.8 |
| 2017-03-27 | CVE-2016-10225 | Permissions, Privileges, and Access Controls vulnerability in Allwinner Linux-3.4-Sunxi The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. | 7.8 |
| 2017-03-27 | CVE-2015-0864 | Permissions, Privileges, and Access Controls vulnerability in Samsung Galaxy APP and Samsung Account APP Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | 8.0 |
| 2017-03-27 | CVE-2015-0863 | Permissions, Privileges, and Access Controls vulnerability in Samsung Galaxy APP and Samsung Account APP GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | 8.0 |
| 2017-03-23 | CVE-2015-2263 | Permissions, Privileges, and Access Controls vulnerability in Cloudera Manager Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. | 3.3 |
| 2017-03-23 | CVE-2014-0229 | Permissions, Privileges, and Access Controls vulnerability in multiple products Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | 6.5 |
| 2017-03-23 | CVE-2013-6446 | Permissions, Privileges, and Access Controls vulnerability in Cloudera CDH The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. | 3.1 |
| 2017-03-23 | CVE-2014-7279 | Permissions, Privileges, and Access Controls vulnerability in Kankunit Konke Smart Plug Firmware K The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | 9.8 |
| 2017-03-23 | CVE-2016-9775 | Permissions, Privileges, and Access Controls vulnerability in multiple products The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. | 7.8 |
| 2017-03-23 | CVE-2016-9167 | Permissions, Privileges, and Access Controls vulnerability in Novell Edirectory NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | 7.5 |