Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-03-29 CVE-2016-2288 Permissions, Privileges, and Access Controls vulnerability in Cogentdatahub Cogent Datahub
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
local
low complexity
cogentdatahub CWE-264
7.8
2016-03-24 CVE-2016-1366 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.
network
low complexity
cisco CWE-264
6.5
2016-03-24 CVE-2016-1773 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
local
low complexity
apple CWE-264
3.3
2016-03-24 CVE-2016-1751 Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS and watchOS
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
local
low complexity
apple CWE-264
7.8
2016-03-21 CVE-2015-7454 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-03-18 CVE-2016-2281 Permissions, Privileges, and Access Controls vulnerability in ABB Panel Builder 800 5.1
Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
local
high complexity
abb CWE-264
7.2
2016-03-18 CVE-2015-8154 Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
network
low complexity
symantec CWE-264
8.8
2016-03-18 CVE-2014-9768 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Access Services
IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code.
network
low complexity
ibm CWE-264
8.8
2016-03-16 CVE-2016-1990 Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
local
low complexity
microfocus CWE-264
7.8
2016-03-14 CVE-2016-2856 Permissions, Privileges, and Access Controls vulnerability in multiple products
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the eglibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk.
local
low complexity
canonical debian CWE-264
8.4