Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-06-07 CVE-2015-5723 Permissions, Privileges, and Access Controls vulnerability in multiple products
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
local
low complexity
zend debian doctrine-project CWE-264
7.8
2016-06-07 CVE-2015-5228 Permissions, Privileges, and Access Controls vulnerability in multiple products
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
local
low complexity
opensuse criu CWE-264
7.8
2016-06-04 CVE-2016-0908 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
local
low complexity
emc CWE-264
6.7
2016-06-01 CVE-2016-3697 Permissions, Privileges, and Access Controls vulnerability in multiple products
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
local
low complexity
docker linuxfoundation opensuse CWE-264
7.8
2016-05-31 CVE-2016-4505 Permissions, Privileges, and Access Controls vulnerability in Resourcedm Intuitive 650 TDB Controller 2.1
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.
network
low complexity
resourcedm CWE-264
8.8
2016-05-30 CVE-2016-4118 Permissions, Privileges, and Access Controls vulnerability in Adobe Connect
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
local
low complexity
adobe CWE-264
7.8
2016-05-25 CVE-2016-1887 Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.1/10.2/10.3
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
local
low complexity
freebsd CWE-264
7.8
2016-05-23 CVE-2016-3958 Permissions, Privileges, and Access Controls vulnerability in Golang GO
Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.
local
low complexity
golang CWE-264
7.8
2016-05-23 CVE-2016-2855 Permissions, Privileges, and Access Controls vulnerability in Huawei Mobile Broadband HL Service 22.001.25.00.03
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.
local
low complexity
huawei CWE-264
7.8
2016-05-23 CVE-2016-4565 Permissions, Privileges, and Access Controls vulnerability in multiple products
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
local
low complexity
linux canonical debian CWE-264
7.8