Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-22 | CVE-2015-5715 | Permissions, Privileges, and Access Controls vulnerability in Wordpress The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. | 4.3 |
| 2016-05-20 | CVE-2016-1742 | Permissions, Privileges, and Access Controls vulnerability in Apple Itunes Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.8 |
| 2016-05-18 | CVE-2016-4480 | Permissions, Privileges, and Access Controls vulnerability in multiple products The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | 8.4 |
| 2016-05-18 | CVE-2016-2077 | Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | 9.8 |
| 2016-05-18 | CVE-2016-0707 | Permissions, Privileges, and Access Controls vulnerability in Apache Ambari The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | 3.3 |
| 2016-05-17 | CVE-2016-3725 | Permissions, Privileges, and Access Controls vulnerability in multiple products Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. | 4.3 |
| 2016-05-17 | CVE-2016-3722 | Permissions, Privileges, and Access Controls vulnerability in multiple products Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." | 4.3 |
| 2016-05-13 | CVE-2016-1580 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu-Core-Launcher 1.0.27 The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core." | 9.8 |
| 2016-05-11 | CVE-2016-0197 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." | 7.8 |
| 2016-05-11 | CVE-2016-0196 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0174. | 7.8 |