Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2017-03-23 CVE-2016-9775 Permissions, Privileges, and Access Controls vulnerability in multiple products
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.
Attack vector: local | Complexity: low | Vendor: debian, canonical, apache | CWE-264 | Risk: 7.8
2017-03-23 CVE-2016-9167 Permissions, Privileges, and Access Controls vulnerability in Novell eDirectory
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.
Attack vector: network | Complexity: low | Vendor: novell | CWE-264 | Risk: 7.5
2017-03-23 CVE-2016-1597 Permissions, Privileges, and Access Controls vulnerability in NetIQ Access Governance Suite
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.
Attack vector: network | Complexity: low | Vendor: netiq | CWE-264 | Risk: 8.8
2017-03-20 CVE-2016-5857 Permissions, Privileges, and Access Controls vulnerability in Google Android 7.0
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.
Attack vector: local | Complexity: low | Vendor: google | CWE-264 | Risk: 7.8
2017-03-20 CVE-2015-8954 Permissions, Privileges, and Access Controls vulnerability in Openinfosecfoundation Suricata
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
Attack vector: network | Complexity: low | Vendor: openinfosecfoundation | CWE-264 | Risk: critical, 9.8
2017-03-20 CVE-2015-1610 Permissions, Privileges, and Access Controls vulnerability in OpenDaylight l2switch
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing."
Attack vector: network | Complexity: low | Vendor: opendaylight | CWE-264 | Risk: 5.3
2017-03-17 CVE-2014-8708 Permissions, Privileges, and Access Controls vulnerability in Pluck-Cms Pluck 4.7.2
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
Attack vector: network | Complexity: low | Vendor: pluck-cms | CWE-264 | Risk: critical, 9.8
2017-03-16 CVE-2016-10187 Permissions, Privileges, and Access Controls vulnerability in Calibre-Ebook Calibre
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
Attack vector: local | Complexity: low | Vendor: calibre-ebook | CWE-264 | Risk: 5.5
2017-03-15 CVE-2016-7955 Permissions, Privileges, and Access Controls vulnerability in AlienVault OSSIM and Unified Security Management
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
Attack vector: network | Complexity: low | Vendor: alienvault | CWE-264 | Risk: critical, 9.8
2017-03-14 CVE-2016-8026 Permissions, Privileges, and Access Controls vulnerability in McAfee Security Scan Plus 2.0.181.2/3.11.376/3.11.469
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.
Attack vector: local | Complexity: low | Vendor: mcafee | CWE-264 | Risk: 7.8