Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-23 | CVE-2016-1435 | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | 7.0 |
| 2016-06-20 | CVE-2016-2363 | Permissions, Privileges, and Access Controls vulnerability in Fonality 12.6/12.8/14.1I Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | 7.8 |
| 2016-06-19 | CVE-2016-0912 | Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation. | 9.8 |
| 2016-06-19 | CVE-2016-0911 | Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. | 8.2 |
| 2016-06-19 | CVE-2016-1183 | Permissions, Privileges, and Access Controls vulnerability in Nttdata Terasoluna Server Framework for Java web NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | 3.7 |
| 2016-06-17 | CVE-2016-3643 | Permissions, Privileges, and Access Controls vulnerability in Solarwinds Virtualization Manager 6.3.1 SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." | 7.8 |
| 2016-06-16 | CVE-2016-4158 | Permissions, Privileges, and Access Controls vulnerability in multiple products Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | 7.3 |
| 2016-06-16 | CVE-2016-4157 | Permissions, Privileges, and Access Controls vulnerability in Adobe Creative Cloud Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | 7.3 |
| 2016-06-16 | CVE-2016-3225 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability." | 7.8 |
| 2016-06-16 | CVE-2016-3223 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability." | 8.1 |