Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-12 | CVE-2016-6772 | Permissions, Privileges, and Access Controls vulnerability in Google Android An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. | 7.8 |
| 2017-01-12 | CVE-2016-6762 | Permissions, Privileges, and Access Controls vulnerability in Google Android An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. | 7.8 |
| 2017-01-10 | CVE-2016-10126 | Permissions, Privileges, and Access Controls vulnerability in Splunk Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | 9.8 |
| 2017-01-06 | CVE-2016-9867 | Permissions, Privileges, and Access Controls vulnerability in EMC Scaleio 2.0.1.0 An issue was discovered in EMC ScaleIO versions before 2.0.1.1. | 8.8 |
| 2017-01-05 | CVE-2016-8006 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Security Information and Event Management 9.6.0 Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands. | 4.4 |
| 2017-01-05 | CVE-2016-10010 | Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. | 7.0 |
| 2017-01-04 | CVE-2016-7903 | Permissions, Privileges, and Access Controls vulnerability in Dotclear Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. | 3.7 |
| 2017-01-04 | CVE-2016-10116 | Permissions, Privileges, and Access Controls vulnerability in Netgear products NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. | 8.1 |
| 2016-12-29 | CVE-2016-7457 | Permissions, Privileges, and Access Controls vulnerability in VMWare Vrealize Operations VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. | 10.0 |
| 2016-12-29 | CVE-2016-7086 | Permissions, Privileges, and Access Controls vulnerability in VMWare Workstation Player and Workstation PRO The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. | 7.8 |