Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-12 | CVE-2016-0148 | Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework 4.6/4.6.1 Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability." | 7.8 |
| 2016-04-12 | CVE-2016-0143 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167. | 7.8 |
| 2016-04-12 | CVE-2016-2405 | Permissions, Privileges, and Access Controls vulnerability in Huawei Policy Center Firmware V100R003C10 Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. | 8.8 |
| 2016-04-12 | CVE-2016-3157 | Permissions, Privileges, and Access Controls vulnerability in multiple products The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | 7.8 |
| 2016-04-12 | CVE-2016-3169 | Permissions, Privileges, and Access Controls vulnerability in multiple products The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array. | 8.1 |
| 2016-04-12 | CVE-2016-2557 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352 The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access. | 8.4 |
| 2016-04-12 | CVE-2016-2556 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352 The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-04-12 | CVE-2015-5167 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0 The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. | 6.5 |
| 2016-04-11 | CVE-2015-5329 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack 7.0 The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | 7.3 |
| 2016-04-11 | CVE-2015-5233 | Permissions, Privileges, and Access Controls vulnerability in multiple products Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. | 4.2 |