Vulnerabilities > Permissions, Privileges, and Access Controls

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2016-02-07 | CVE-2016-0805 | Permissions, Privileges, and Access Controls vulnerability in Google Android | The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204. | local | low complexity | google | CWE-264 | 8.4 |
| 2016-02-03 | CVE-2016-1906 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | network | low complexity | kubernetes | CWE-264 | critical 9.8 |
| 2016-02-03 | CVE-2015-8748 | Permissions, Privileges, and Access Controls vulnerability in Radicale 1.0/1.0.1 | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | network | low complexity | radicale | CWE-264 | 5.3 |
| 2016-01-26 | CVE-2016-1233 | Permissions, Privileges, and Access Controls vulnerability in Debian Fuse 2.9.314 | An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | local | low complexity | debian | CWE-264 | 7.8 |
| 2016-01-17 | CVE-2015-7469 | Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role. | network | low complexity | ibm | CWE-264 | 4.3 |
| 2016-01-17 | CVE-2015-7468 | Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors. | network | low complexity | ibm | CWE-264 | 4.3 |
| 2016-01-15 | CVE-2016-1909 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios | Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. | network | low complexity | fortinet | CWE-264 | critical 9.8 |
| 2016-01-15 | CVE-2016-0852 | Permissions, Privileges, and Access Controls vulnerability in Advantech Webaccess | Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. | network | low complexity | advantech | CWE-264 | 7.5 |
| 2016-01-15 | CVE-2015-8279 | Permissions, Privileges, and Access Controls vulnerability in Samsung web Viewer 1.0.0.193 | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | network | low complexity | samsung | CWE-264 | 8.6 |
| 2016-01-15 | CVE-2015-6423 | Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software | The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. | network | low complexity | cisco | CWE-264 | 4.3 |