Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-30 | CVE-2016-5729 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Bios EFI Driver Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | 8.2 |
| 2016-06-30 | CVE-2016-5249 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001 Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. | 7.8 |
| 2016-06-30 | CVE-2016-5248 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001 The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. | 5.5 |
| 2016-06-30 | CVE-2016-5231 | Permissions, Privileges, and Access Controls vulnerability in Huawei Mate 8 Firmware NXT Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app. | 7.8 |
| 2016-06-30 | CVE-2016-5230 | Permissions, Privileges, and Access Controls vulnerability in Huawei Mate 8 Firmware NXT Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app. | 8.8 |
| 2016-06-29 | CVE-2016-0263 | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. | 7.0 |
| 2016-06-27 | CVE-2016-4440 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. | 7.8 |
| 2016-06-26 | CVE-2016-5087 | Permissions, Privileges, and Access Controls vulnerability in Alertus Desktop Notification for OS X 2.9.30.1700 Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. | 4.4 |
| 2016-06-24 | CVE-2016-5723 | Permissions, Privileges, and Access Controls vulnerability in Huawei Fusioninsight HD V100R002C30/V100R002C50 Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. | 7.8 |
| 2016-06-24 | CVE-2016-4802 | Permissions, Privileges, and Access Controls vulnerability in Haxx Curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | 7.8 |