Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-25 | CVE-2016-4778 | Permissions, Privileges, and Access Controls vulnerability in Apple products The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 7.8 |
| 2016-09-25 | CVE-2016-4716 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-09-24 | CVE-2016-6413 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller 1.3(2F) The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. | 7.8 |
| 2016-09-22 | CVE-2016-6406 | Permissions, Privileges, and Access Controls vulnerability in Cisco Email Security Appliance Firmware Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. | 9.8 |
| 2016-09-22 | CVE-2016-6322 | Permissions, Privileges, and Access Controls vulnerability in Redhat Quickstart Cloud Installer Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | 8.4 |
| 2016-09-21 | CVE-2016-7093 | Permissions, Privileges, and Access Controls vulnerability in XEN 4.5.3/4.6.3/4.7.0 Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. | 8.2 |
| 2016-09-21 | CVE-2016-7092 | Permissions, Privileges, and Access Controls vulnerability in XEN The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | 8.2 |
| 2016-09-21 | CVE-2016-4382 | Permissions, Privileges, and Access Controls vulnerability in HP Performance Center HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. | 8.3 |
| 2016-09-21 | CVE-2016-0921 | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. | 6.5 |
| 2016-09-21 | CVE-2016-0917 | Permissions, Privileges, and Access Controls vulnerability in EMC products The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | 9.8 |