Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2017-03-02 CVE-2015-8994 Permissions, Privileges, and Access Controls vulnerability in PHP
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled.
network
high complexity
php CWE-264
7.5
2017-03-01 CVE-2016-5374 Permissions, Privileges, and Access Controls vulnerability in NetApp Data ONTAP 9.0/9.1
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
network
low complexity
netapp CWE-264
8.8
2017-03-01 CVE-2016-10151 Permissions, Privileges, and Access Controls vulnerability in Hesiod Project Hesiod 3.2.1
The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and by leveraging a certain SUID/SGID binary.
local
high complexity
hesiod-project CWE-264
7.0
2017-02-24 CVE-2016-4043 Permissions, Privileges, and Access Controls vulnerability in Plone
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
network
low complexity
plone CWE-264
4.9
2017-02-24 CVE-2016-4041 Permissions, Privileges, and Access Controls vulnerability in Plone
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain WebDAV access via unspecified vectors.
network
low complexity
plone CWE-264
7.3
2017-02-21 CVE-2016-9315 Permissions, Privileges, and Access Controls vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts.
network
low complexity
trendmicro CWE-264
8.8
2017-02-21 CVE-2016-9269 Permissions, Privileges, and Access Controls vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality.
network
low complexity
trendmicro CWE-264
critical
9.9
2017-02-20 CVE-2016-7661 Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-264
7.8
2017-02-20 CVE-2016-7660 Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-264
7.8
2017-02-20 CVE-2016-7628 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-264
5.5