Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-12 | CVE-2016-3162 | Improper Access Control vulnerability in multiple products The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. | 8.1 |
| 2016-04-12 | CVE-2016-2558 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver R340 and GPU Driver R352 The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access. | 8.4 |
| 2016-04-12 | CVE-2016-2557 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352 The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access. | 8.4 |
| 2016-04-12 | CVE-2016-2556 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352 The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-04-12 | CVE-2016-2170 | Improper Input Validation vulnerability in Apache Ofbiz Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-04-12 | CVE-2016-2166 | Information Exposure vulnerability in multiple products The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | 6.5 |
| 2016-04-12 | CVE-2016-2140 | Information Exposure vulnerability in Openstack Nova The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | 5.3 |
| 2016-04-12 | CVE-2016-1866 | Improper Access Control vulnerability in multiple products Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. | 8.1 |
| 2016-04-12 | CVE-2016-0733 | Improper Authentication vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0 The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username. | 9.8 |
| 2016-04-12 | CVE-2015-8702 | Improper Input Validation vulnerability in multiple products The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname. | 8.6 |