Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-02-03 CVE-2015-8748 Permissions, Privileges, and Access Controls vulnerability in Radicale 1.0/1.0.1
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
network
low complexity
radicale CWE-264
5.3
2016-01-26 CVE-2016-1233 Permissions, Privileges, and Access Controls vulnerability in Debian Fuse 2.9.314
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.
local
low complexity
debian CWE-264
7.8
2016-01-17 CVE-2015-7469 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.
network
low complexity
ibm CWE-264
4.3
2016-01-17 CVE-2015-7468 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-01-15 CVE-2016-1909 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
network
low complexity
fortinet CWE-264
critical
9.8
2016-01-15 CVE-2016-0852 Permissions, Privileges, and Access Controls vulnerability in Advantech Webaccess
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors.
network
low complexity
advantech CWE-264
7.5
2016-01-15 CVE-2015-8279 Permissions, Privileges, and Access Controls vulnerability in Samsung web Viewer 1.0.0.193
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script.
network
low complexity
samsung CWE-264
8.6
2016-01-15 CVE-2015-6423 Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software
The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.
network
low complexity
cisco CWE-264
4.3
2016-01-14 CVE-2016-0943 Permissions, Privileges, and Access Controls vulnerability in Adobe products
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global object, which allows attackers to bypass JavaScript API execution restrictions via unspecified vectors.
network
low complexity
adobe CWE-264
8.8
2016-01-13 CVE-2016-0009 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability."
network
low complexity
microsoft CWE-264
8.8