Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-02-19 CVE-2016-1335 Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
network
high complexity
cisco CWE-264
7.5
2016-02-18 CVE-2016-0069 Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068.
network
low complexity
microsoft CWE-264
8.8
2016-02-18 CVE-2016-0068 Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069.
network
low complexity
microsoft CWE-264
8.8
2016-02-18 CVE-2015-8150 Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Management Server 3.3.2
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.
local
low complexity
symantec CWE-264
7.8
2016-02-17 CVE-2016-2071 Permissions, Privileges, and Access Controls vulnerability in Citrix Netscaler 10.5/10.5E/11.0
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.
network
low complexity
citrix CWE-264
critical
9.8
2016-02-17 CVE-2016-0766 Permissions, Privileges, and Access Controls vulnerability in multiple products
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
network
low complexity
postgresql canonical debian CWE-264
8.8
2016-02-17 CVE-2016-1152 Permissions, Privileges, and Access Controls vulnerability in Cybozu Office
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
network
low complexity
cybozu CWE-264
5.4
2016-02-17 CVE-2015-8486 Permissions, Privileges, and Access Controls vulnerability in Cybozu Office
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.
network
low complexity
cybozu CWE-264
5.4
2016-02-17 CVE-2015-8485 Permissions, Privileges, and Access Controls vulnerability in Cybozu Office
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.
network
low complexity
cybozu CWE-264
5.4
2016-02-17 CVE-2015-8484 Permissions, Privileges, and Access Controls vulnerability in Cybozu Office
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.
network
low complexity
cybozu CWE-264
5.4