Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2018-04-27 CVE-2014-2552 Permissions, Privileges, and Access Controls vulnerability in Brookinsconsulting Collected Information Export 1.1.0
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
network
low complexity
brookinsconsulting CWE-264
critical
 9.8
9.8
2018-04-27 CVE-2014-1846 Permissions, Privileges, and Access Controls vulnerability in Enlightenment
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
local
low complexity
enlightenment CWE-264
7.8
7.8
2018-04-27 CVE-2014-1845 Permissions, Privileges, and Access Controls vulnerability in Enlightenment
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
local
low complexity
enlightenment CWE-264
7.8
7.8
2018-04-27 CVE-2013-7202 Permissions, Privileges, and Access Controls vulnerability in Paypal
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
network
high complexity
paypal CWE-264
8.1
8.1
2018-04-18 CVE-2016-10457 Permissions, Privileges, and Access Controls vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, app is requesting more permissions than required.
network
low complexity
qualcomm CWE-264
critical
 9.8
9.8
2018-04-18 CVE-2016-10451 Permissions, Privileges, and Access Controls vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, privilege escalation may occur due to inherently insecure treatment of local files.
local
low complexity
qualcomm CWE-264
7.8
7.8
2018-04-18 CVE-2014-10058 Permissions, Privileges, and Access Controls vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time.
network
low complexity
qualcomm CWE-264
7.5
7.5
2018-04-18 CVE-2014-10057 Permissions, Privileges, and Access Controls vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions.
network
low complexity
qualcomm CWE-264
critical
 9.8
9.8
2018-04-18 CVE-2014-10054 Permissions, Privileges, and Access Controls vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation.
network
low complexity
qualcomm CWE-264
critical
 9.8
9.8
2018-04-12 CVE-2014-8421 Permissions, Privileges, and Access Controls vulnerability in Unify Openscape Desk Phone IP SIP and Openstage SIP
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
network
high complexity
unify CWE-264
7.5
7.5