Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-11 | CVE-2016-3065 | Permissions, Privileges, and Access Controls vulnerability in PostgreSQL 9.5/9.5.1. The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. | 9.1 |
2016-04-11 | CVE-2016-1235 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. | 8.8 |
2016-04-11 | CVE-2016-2393 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager and Touch Fingerprint. Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | 7.8 |
2016-04-11 | CVE-2016-2171 | Permissions, Privileges, and Access Controls vulnerability in Apache Jetspeed. The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. | 7.5 |
2016-04-08 | CVE-2016-3188 | Permissions, Privileges, and Access Controls vulnerability in Prepopulate Project Prepopulate 7.X2.0/7.X2.X. The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors. | 7.3 |
2016-04-08 | CVE-2016-3187 | Permissions, Privileges, and Access Controls vulnerability in Prepopulate Project Prepopulate 7.X2.0/7.X2.X. The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. | 7.3 |
2016-04-07 | CVE-2016-1531 | Permissions, Privileges, and Access Controls vulnerability in Exim. Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | 7.0 |
2016-04-07 | CVE-2016-0788 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | 9.8 |
2016-04-06 | CVE-2016-1313 | Permissions, Privileges, and Access Controls vulnerability in Cisco UCS Invicta C3124SA Appliance 4.3.1/4.5.0/5.0.1. Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. | 9.8 |
2016-04-06 | CVE-2016-1290 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | 8.1 |