Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2019-07-01 CVE-2019-13125 Permissions, Privileges, and Access Controls vulnerability in Tencent Habomalhunter 2.0.0.2/2.0.0.3
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.
local
low complexity
tencent CWE-264
7.8
2019-06-19 CVE-2019-2003 Permissions, Privileges, and Access Controls vulnerability in Google Android
In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause.
network
low complexity
google CWE-264
8.8
2019-06-17 CVE-2018-10239 Permissions, Privileges, and Access Controls vulnerability in Infoblox Nios
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope.
local
low complexity
infoblox CWE-264
6.7
2019-06-13 CVE-2019-0164 Permissions, Privileges, and Access Controls vulnerability in multiple products
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel lenovo CWE-264
7.3
2019-06-13 CVE-2019-0128 Permissions, Privileges, and Access Controls vulnerability in Intel Chipset Device Software 10.1.1.14/10.1.1.38
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.
local
low complexity
intel CWE-264
7.8
2019-06-07 CVE-2019-2102 Permissions, Privileges, and Access Controls vulnerability in Google Android
In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK).
low complexity
google CWE-264
8.8
2019-06-02 CVE-2017-18376 Permissions, Privileges, and Access Controls vulnerability in Strangebee Thehive
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges.
network
low complexity
strangebee CWE-264
8.8
2019-04-22 CVE-2016-1579 Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Download Manager
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation.
network
low complexity
canonical CWE-264
critical
9.8
2019-04-22 CVE-2015-1341 Permissions, Privileges, and Access Controls vulnerability in Canonical Apport and Ubuntu Linux
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
local
low complexity
canonical CWE-264
7.8
2019-04-22 CVE-2015-1327 Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 15.04
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer.
local
low complexity
canonical CWE-264
7.8