Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-02-10 CVE-2016-0036 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability."
network
high complexity
microsoft CWE-264
8.1
2016-02-08 CVE-2015-8709 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call.
local
high complexity
linux CWE-264
7.0
2016-02-07 CVE-2016-0813 Permissions, Privileges, and Access Controls vulnerability in Google Android
packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219.
low complexity
google CWE-264
6.1
2016-02-07 CVE-2016-0812 Permissions, Privileges, and Access Controls vulnerability in Google Android
The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538.
low complexity
google CWE-264
6.1
2016-02-07 CVE-2016-0810 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.
local
low complexity
google CWE-264
7.8
2016-02-07 CVE-2016-0809 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768.
low complexity
google CWE-264
8.8
2016-02-07 CVE-2016-0807 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
local
low complexity
google CWE-264
8.4
2016-02-07 CVE-2016-0806 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.
local
low complexity
google CWE-264
8.4
2016-02-07 CVE-2016-0805 Permissions, Privileges, and Access Controls vulnerability in Google Android
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.
local
low complexity
google CWE-264
8.4
2016-02-03 CVE-2016-1906 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
network
low complexity
kubernetes CWE-264
critical
9.8