Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2015-7408 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
network
high complexity
ibm CWE-264
3.7
2016-02-14 CVE-2016-1627 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
network
low complexity
opensuse debian google CWE-264
8.8
2016-02-14 CVE-2016-1625 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.
network
low complexity
opensuse google debian CWE-264
4.3
2016-02-14 CVE-2016-1623 Permissions, Privileges, and Access Controls vulnerability in multiple products
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
network
low complexity
debian google opensuse CWE-264
8.8
2016-02-14 CVE-2016-1622 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
network
low complexity
google debian opensuse CWE-264
8.8
2016-02-13 CVE-2016-1949 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
network
low complexity
mozilla CWE-264
8.8
2016-02-12 CVE-2016-1324 Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
network
low complexity
cisco CWE-264
5.3
2016-02-12 CVE-2016-1322 Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 20150704Base
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
network
low complexity
cisco CWE-264
7.5
2016-02-10 CVE-2016-0051 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-02-10 CVE-2016-0048 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8