Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-10-13 CVE-2016-6325 Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
local
low complexity
apache CWE-264
7.8
7.8
2016-10-10 CVE-2016-8101 Permissions, Privileges, and Access Controls vulnerability in Intel Solid-State Drive Toolbox 1.0/3.3.6
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
local
low complexity
intel CWE-264
7.8
7.8
2016-10-10 CVE-2016-6673 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201.
local
low complexity
google CWE-264
7.8
7.8
2016-10-10 CVE-2016-6672 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.
local
low complexity
google CWE-264
7.8
7.8
2016-10-10 CVE-2016-3940 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991.
local
low complexity
google CWE-264
7.8
7.8
2016-10-10 CVE-2016-3939 Permissions, Privileges, and Access Controls vulnerability in Google Android 7.0
drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224.
local
low complexity
google CWE-264
7.8
7.8
2016-10-10 CVE-2016-3938 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232.
local
low complexity
google CWE-264
7.8
7.8
2016-10-10 CVE-2016-3933 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.
local
low complexity
google CWE-264
7.8
7.8
2016-10-10 CVE-2016-3932 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.
local
low complexity
google CWE-264
7.8
7.8
2016-10-10 CVE-2016-3931 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418.
local
low complexity
google CWE-264
7.8
7.8