Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-07 | CVE-2015-5723 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | 7.8 |
2016-06-07 | CVE-2015-5228 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. | 7.8 |
2016-06-04 | CVE-2016-0908 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon OneFS: EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | 6.7 |
2016-06-01 | CVE-2016-3697 | Permissions, Privileges, and Access Controls vulnerability in multiple products: libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | 7.8 |
2016-05-31 | CVE-2016-4505 | Permissions, Privileges, and Access Controls vulnerability in Resourcedm Intuitive 650 TDB Controller 2.1: Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. | 8.8 |
2016-05-30 | CVE-2016-4118 | Permissions, Privileges, and Access Controls vulnerability in Adobe Connect: Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors. | 7.8 |
2016-05-25 | CVE-2016-1887 | Permissions, Privileges, and Access Controls vulnerability in FreeBSD 10.1/10.2/10.3: Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow. | 7.8 |
2016-05-23 | CVE-2016-3958 | Permissions, Privileges, and Access Controls vulnerability in Golang Go: Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. | 7.8 |
2016-05-23 | CVE-2016-2855 | Permissions, Privileges, and Access Controls vulnerability in Huawei Mobile Broadband HL Service 22.001.25.00.03: The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll. | 7.8 |
2016-05-23 | CVE-2016-4565 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. | 7.8 |