Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2018-04-18 CVE-2014-10054 Permissions, Privileges, and Access Controls vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation.
network
low complexity
qualcomm CWE-264
critical
 9.8
9.8
2018-04-12 CVE-2014-8421 Permissions, Privileges, and Access Controls vulnerability in Unify Openscape Desk Phone IP SIP and Openstage SIP
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
network
high complexity
unify CWE-264
7.5
7.5
2018-04-10 CVE-2014-1946 Permissions, Privileges, and Access Controls vulnerability in Opendocman
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.
network
low complexity
opendocman CWE-264
8.8
8.8
2018-04-10 CVE-2014-1889 Permissions, Privileges, and Access Controls vulnerability in Buddypress
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
network
low complexity
buddypress CWE-264
6.5
6.5
2018-04-06 CVE-2014-1226 Permissions, Privileges, and Access Controls vulnerability in S3Dvt Project S3Dvt 0.2.2
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier.
local
low complexity
s3dvt-project CWE-264
7.8
7.8
2018-04-06 CVE-2013-6876 Permissions, Privileges, and Access Controls vulnerability in S3Dvt Project S3Dvt 0.2.2
The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier.
local
low complexity
s3dvt-project CWE-264
7.8
7.8
2018-04-05 CVE-2016-8482 Permissions, Privileges, and Access Controls vulnerability in Google Android
An elevation of privilege vulnerability in the NVIDIA GPU driver.
local
low complexity
google CWE-264
7.8
7.8
2018-04-04 CVE-2016-8488 Permissions, Privileges, and Access Controls vulnerability in Google Android
An elevation of privilege vulnerability in Qualcomm closed source components.
network
low complexity
google CWE-264
critical
 9.8
9.8
2018-04-04 CVE-2016-8487 Permissions, Privileges, and Access Controls vulnerability in Google Android
An elevation of privilege vulnerability in Qualcomm closed source components.
network
low complexity
google CWE-264
critical
 9.8
9.8
2018-04-04 CVE-2016-8484 Permissions, Privileges, and Access Controls vulnerability in Google Android
An elevation of privilege vulnerability in Qualcomm closed source components.
network
low complexity
google CWE-264
critical
 9.8
9.8