Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-11-25 CVE-2016-3904 Permissions, Privileges, and Access Controls vulnerability in Google Android
An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
low complexity
google CWE-264
7.8
7.8
2016-11-25 CVE-2016-5991 Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
local
high complexity
ibm CWE-264
4.5
4.5
2016-11-25 CVE-2016-2988 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager for Virtual Environments 6.4/7.1
IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins.
network
high complexity
ibm CWE-264
8.5
8.5
2016-11-25 CVE-2016-2985 Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System and Spectrum Scale
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
local
high complexity
ibm CWE-264
7.0
7.0
2016-11-25 CVE-2016-2984 Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System and Spectrum Scale
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
local
high complexity
ibm CWE-264
7.0
7.0
2016-11-19 CVE-2016-9151 Permissions, Privileges, and Access Controls vulnerability in Paloaltonetworks Pan-Os
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
local
low complexity
paloaltonetworks CWE-264
7.8
7.8
2016-11-18 CVE-2016-8561 Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic CP 1543-1 Firmware
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28).
network
high complexity
siemens CWE-264
6.6
6.6
2016-11-10 CVE-2016-7489 Permissions, Privileges, and Access Controls vulnerability in Teradata Virtual Machine 15.10
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.
network
low complexity
teradata CWE-264
critical
 9.8
9.8
2016-11-10 CVE-2016-7488 Permissions, Privileges, and Access Controls vulnerability in Teradata Virtual Machine 15.10
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr.
local
low complexity
teradata CWE-264
7.8
7.8
2016-11-10 CVE-2016-7254 Permissions, Privileges, and Access Controls vulnerability in Microsoft SQL Server 2012
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-264
8.8
8.8