Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-10098 Improper Privilege Management vulnerability in Oracle Flexcube Universal Banking
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).
network
low complexity
oracle CWE-269
5.4
2017-08-08 CVE-2017-10094 Improper Privilege Management vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).
network
low complexity
oracle CWE-269
5.4
2017-08-08 CVE-2017-10046 Improper Privilege Management vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access).
network
low complexity
oracle CWE-269
5.4
2017-08-08 CVE-2017-10000 Improper Privilege Management vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting).
network
low complexity
oracle CWE-269
7.7
2017-08-08 CVE-2017-9940 Improper Privilege Management vulnerability in Siemens Sipass Integrated 2.65
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.
network
low complexity
siemens CWE-269
8.1
2017-08-07 CVE-2017-7916 Improper Privilege Management vulnerability in ABB Vsn300 Firmware and Vsn300 for React Firmware
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior.
network
low complexity
abb CWE-269
6.5
2017-08-02 CVE-2017-11438 Improper Privilege Management vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
network
low complexity
gitlab CWE-269
6.3
2017-07-30 CVE-2017-11747 Improper Privilege Management vulnerability in Tinyproxy Project Tinyproxy
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
local
low complexity
tinyproxy-project CWE-269
5.5
2017-07-27 CVE-2017-11681 Improper Privilege Management vulnerability in Project Hashtopussy
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.
network
low complexity
project-hashtopussy CWE-269
8.8
2017-07-20 CVE-2017-11467 Improper Privilege Management vulnerability in Orientdb
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
network
low complexity
orientdb CWE-269
critical
9.8