Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-11 CVE-2016-2193 7PK - Security Features vulnerability in PostgreSQL 9.5/9.5.1
PostgreSQL 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.
network
low complexity
postgresql CWE-254
7.5
2016-04-11 CVE-2016-1235 Permissions, Privileges, and Access Controls vulnerability in multiple products
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
network
low complexity
oar-project debian CWE-264
8.8
2016-04-11 CVE-2012-6700 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
7.5
2016-04-11 CVE-2012-6699 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
7.5
2016-04-11 CVE-2012-6698 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
7.5
2016-04-11 CVE-2016-2393 Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager and Touch Fingerprint
Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.
local
low complexity
lenovo CWE-264
7.8
2016-04-11 CVE-2016-2171 Permissions, Privileges, and Access Controls vulnerability in Apache Jetspeed
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
network
low complexity
apache CWE-264
7.5
2016-04-11 CVE-2016-2164 Information Exposure vulnerability in Apache OpenMeetings
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
network
low complexity
apache CWE-200
7.5
2016-04-11 CVE-2016-0783 Information Exposure vulnerability in Apache OpenMeetings
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.
network
low complexity
apache CWE-200
7.5
2016-04-11 CVE-2016-0710 SQL Injection vulnerability in Apache Jetspeed
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
network
low complexity
apache CWE-89
8.8