Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-01-06 CVE-2015-6645 Permissions, Privileges, and Access Controls vulnerability in Google Android
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
local
low complexity
google CWE-264
5.0
2016-01-06 CVE-2015-6643 Permissions, Privileges, and Access Controls vulnerability in Google Android 5.1.1/6.0/6.0.1
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
low complexity
google CWE-264
6.6
2016-01-06 CVE-2015-6642 Permissions, Privileges, and Access Controls vulnerability in Google Android 5.1.0/6.0/6.0.1
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.
network
low complexity
google CWE-264
critical
9.8
2016-01-06 CVE-2015-6640 Permissions, Privileges, and Access Controls vulnerability in Google Android
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
local
low complexity
google CWE-264
7.8
2016-01-06 CVE-2015-6639 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
local
low complexity
google CWE-264
7.8
2016-01-06 CVE-2015-6638 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
local
low complexity
google CWE-264
7.8
2016-01-06 CVE-2015-6637 Permissions, Privileges, and Access Controls vulnerability in Google Android
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
local
low complexity
google CWE-264
7.8
2016-01-05 CVE-2015-6861 Permissions, Privileges, and Access Controls vulnerability in Eucalyptus
HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.
network
high complexity
eucalyptus CWE-264
7.5
2016-01-05 CVE-2015-6860 Permissions, Privileges, and Access Controls vulnerability in HP products
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
local
low complexity
hp CWE-264
8.4
2016-01-05 CVE-2015-6859 Permissions, Privileges, and Access Controls vulnerability in HP Network Switch Software 15.18.0
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
local
low complexity
hp CWE-264
7.8