Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-28 | CVE-2016-1386 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.(1) The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. | 7.5 |
| 2016-04-21 | CVE-2016-2293 | Permissions, Privileges, and Access Controls vulnerability in Accuenergy Acuvim II NET Firmware and Acuvim IIR NET Firmware The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | 8.6 |
| 2016-04-20 | CVE-2016-2202 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris IT Management Suite 7.6 The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | 5.5 |
| 2016-04-20 | CVE-2016-1384 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. | 7.5 |
| 2016-04-20 | CVE-2015-8842 | Permissions, Privileges, and Access Controls vulnerability in Opensuse 13.2 tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. | 3.3 |
| 2016-04-20 | CVE-2014-9770 | Permissions, Privileges, and Access Controls vulnerability in Opensuse 13.2 tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files. | 3.3 |
| 2016-04-18 | CVE-2016-4036 | Permissions, Privileges, and Access Controls vulnerability in Opensuse Leap and Opensuse The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. | 5.5 |
| 2016-04-18 | CVE-2016-2423 | Permissions, Privileges, and Access Controls vulnerability in Google Android server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187. | 6.1 |
| 2016-04-18 | CVE-2016-2422 | Permissions, Privileges, and Access Controls vulnerability in Google Android Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357. | 7.8 |
| 2016-04-18 | CVE-2016-2421 | Permissions, Privileges, and Access Controls vulnerability in Google Android Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410. | 6.1 |