Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-12 | CVE-2016-2405 | Permissions, Privileges, and Access Controls vulnerability in Huawei Policy Center Firmware V100R003C10 Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. | 8.8 |
| 2016-04-12 | CVE-2016-3157 | Permissions, Privileges, and Access Controls vulnerability in multiple products The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | 7.8 |
| 2016-04-12 | CVE-2016-3169 | Permissions, Privileges, and Access Controls vulnerability in multiple products The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array. | 8.1 |
| 2016-04-12 | CVE-2016-2557 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352 The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access. | 8.4 |
| 2016-04-12 | CVE-2016-2556 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352 The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-04-12 | CVE-2015-5167 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0 The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. | 6.5 |
| 2016-04-11 | CVE-2015-5329 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack 7.0 The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | 7.3 |
| 2016-04-11 | CVE-2015-5233 | Permissions, Privileges, and Access Controls vulnerability in multiple products Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. | 4.2 |
| 2016-04-11 | CVE-2016-0735 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.5.0/0.5.1 Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. | 8.8 |
| 2016-04-11 | CVE-2015-0266 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0 The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. | 7.1 |