Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2016-5266 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. | 8.1 |
| 2016-08-05 | CVE-2016-5253 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. | 4.7 |
| 2016-08-02 | CVE-2016-6192 | Permissions, Privileges, and Access Controls vulnerability in Huawei P8 Smartphone Firmware Gracl00C92B350 Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. | 7.3 |
| 2016-08-02 | CVE-2016-2408 | Permissions, Privileges, and Access Controls vulnerability in Pulsesecure products Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. | 7.8 |
| 2016-08-02 | CVE-2016-1238 | Permissions, Privileges, and Access Controls vulnerability in multiple products (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . | 7.8 |
| 2016-08-01 | CVE-2016-4834 | Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. | 8.1 |
| 2016-08-01 | CVE-2016-1611 | Permissions, Privileges, and Access Controls vulnerability in Novell Filr 1.2/2.0 Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. | 7.8 |
| 2016-07-22 | CVE-2016-4638 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | 7.8 |
| 2016-07-22 | CVE-2016-4633 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 7.8 |
| 2016-07-19 | CVE-2016-5654 | Permissions, Privileges, and Access Controls vulnerability in Misys Fusioncapital Opics Plus Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter. | 7.5 |