Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-14 | CVE-2016-3266 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3376, CVE-2016-7185, and CVE-2016-7211. | 7.8 |
| 2016-10-13 | CVE-2016-6325 | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | 7.8 |
| 2016-10-10 | CVE-2016-8101 | Permissions, Privileges, and Access Controls vulnerability in Intel Solid-State Drive Toolbox 1.0/3.3.6 The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-10-10 | CVE-2016-6673 | Permissions, Privileges, and Access Controls vulnerability in Google Android The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201. | 7.8 |
| 2016-10-10 | CVE-2016-6672 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088. | 7.8 |
| 2016-10-10 | CVE-2016-3940 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991. | 7.8 |
| 2016-10-10 | CVE-2016-3939 | Permissions, Privileges, and Access Controls vulnerability in Google Android 7.0 drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224. | 7.8 |
| 2016-10-10 | CVE-2016-3938 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232. | 7.8 |
| 2016-10-10 | CVE-2016-3933 | Permissions, Privileges, and Access Controls vulnerability in Google Android mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408. | 7.8 |
| 2016-10-10 | CVE-2016-3932 | Permissions, Privileges, and Access Controls vulnerability in Google Android mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870. | 7.8 |