Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-03-29 | CVE-2016-2288 | Permissions, Privileges, and Access Controls vulnerability in Cogentdatahub Cogent Datahub Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | 7.8 |
2016-03-24 | CVE-2016-1366 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | 6.5 |
2016-03-24 | CVE-2016-1773 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | 3.3 |
2016-03-24 | CVE-2016-1751 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Watchos The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. | 7.8 |
2016-03-21 | CVE-2015-7454 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | 4.3 |
2016-03-18 | CVE-2016-2281 | Permissions, Privileges, and Access Controls vulnerability in ABB Panel Builder 800 5.1 Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.2 |
2016-03-18 | CVE-2015-8154 | Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | 8.8 |
2016-03-18 | CVE-2014-9768 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Access Services IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. | 8.8 |
2016-03-16 | CVE-2016-1990 | Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | 7.8 |
2016-03-14 | CVE-2016-2856 | Permissions, Privileges, and Access Controls vulnerability in multiple products pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. | 8.4 |