Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-9382 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | 7.8 |
2017-01-23 | CVE-2016-9012 | Permissions, Privileges, and Access Controls vulnerability in Arista Cloudvision Portal: CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. | 8.8 |
2017-01-23 | CVE-2016-5876 | Permissions, Privileges, and Access Controls vulnerability in Owncloud: ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | 5.9 |
2017-01-23 | CVE-2016-5720 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Skype: Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory. | 7.8 |
2017-01-23 | CVE-2016-5237 | Permissions, Privileges, and Access Controls vulnerability in Valvesoftware Steamos 3.42.16.13: Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file. | 4.8 |
2017-01-23 | CVE-2016-4340 | Permissions, Privileges, and Access Controls vulnerability in Gitlab: The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. | 8.8 |
2017-01-23 | CVE-2016-10156 | Permissions, Privileges, and Access Controls vulnerability in Systemd Project Systemd 228: A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. | 7.8 |
2017-01-20 | CVE-2016-8644 | Permissions, Privileges, and Access Controls vulnerability in Moodle: In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | 5.3 |
2017-01-18 | CVE-2016-10086 | Permissions, Privileges, and Access Controls vulnerability in CA Service Desk Management and Service Desk Manager: RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | 8.1 |
2017-01-18 | CVE-2016-6527 | Permissions, Privileges, and Access Controls vulnerability in Samsung Mobile 5.0/5.1/6.0: The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | 7.8 |