Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-05-11 CVE-2016-0180 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-05-11 CVE-2016-0178 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-264
8.8
2016-05-11 CVE-2016-0176 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-05-11 CVE-2016-0174 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0196.
local
low complexity
microsoft CWE-264
7.8
2016-05-11 CVE-2016-0173 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.
local
low complexity
microsoft CWE-264
7.8
2016-05-11 CVE-2016-0171 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.
local
low complexity
microsoft CWE-264
7.8
2016-05-11 CVE-2016-0152 Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2008 and Windows Vista
Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-05-09 CVE-2016-2462 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173.
local
high complexity
google CWE-264
7.0
2016-05-09 CVE-2016-2461 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.
local
high complexity
google CWE-264
7.0
2016-05-09 CVE-2016-2457 Permissions, Privileges, and Access Controls vulnerability in Google Android
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.
local
low complexity
google CWE-264
5.5