Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-06 | CVE-2016-1313 | Permissions, Privileges, and Access Controls vulnerability in Cisco UCS Invicta C3124Sa Appliance 4.3.1/4.5.0/5.0.1 Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. | 9.8 |
| 2016-04-06 | CVE-2016-1290 | Permissions, Privileges, and Access Controls vulnerability in multiple products The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | 8.1 |
| 2016-03-29 | CVE-2016-2288 | Permissions, Privileges, and Access Controls vulnerability in Cogentdatahub Cogent Datahub Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | 7.8 |
| 2016-03-24 | CVE-2016-1366 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | 6.5 |
| 2016-03-24 | CVE-2016-1773 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | 3.3 |
| 2016-03-24 | CVE-2016-1751 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Watchos The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. | 7.8 |
| 2016-03-21 | CVE-2015-7454 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | 4.3 |
| 2016-03-18 | CVE-2016-2281 | Permissions, Privileges, and Access Controls vulnerability in ABB Panel Builder 800 5.1 Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.2 |
| 2016-03-18 | CVE-2015-8154 | Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | 8.8 |
| 2016-03-18 | CVE-2014-9768 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Access Services IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. | 8.8 |