Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-13 | CVE-2016-2491 | Permissions, Privileges, and Access Controls vulnerability in Google Android The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408. | 7.8 |
| 2016-06-13 | CVE-2016-2490 | Permissions, Privileges, and Access Controls vulnerability in Google Android The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373. | 7.8 |
| 2016-06-13 | CVE-2016-2489 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629. | 7.8 |
| 2016-06-13 | CVE-2016-2488 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832. | 7.8 |
| 2016-06-10 | CVE-2016-0910 | Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS 5.5.3.3/5.6.1.0/5.7.1.0 EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | 8.8 |
| 2016-06-08 | CVE-2016-3738 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift 3.2 Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. | 8.8 |
| 2016-06-08 | CVE-2016-2160 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift and Openshift Origin Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | 8.8 |
| 2016-06-07 | CVE-2016-4962 | Permissions, Privileges, and Access Controls vulnerability in multiple products The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | 6.7 |
| 2016-06-07 | CVE-2015-5723 | Permissions, Privileges, and Access Controls vulnerability in multiple products Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | 7.8 |
| 2016-06-07 | CVE-2015-5228 | Permissions, Privileges, and Access Controls vulnerability in multiple products The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. | 7.8 |