Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-08 | CVE-2017-10098 | Improper Privilege Management vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.4 |
2017-08-08 | CVE-2017-10094 | Improper Privilege Management vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). | 5.4 |
2017-08-08 | CVE-2017-10046 | Improper Privilege Management vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). | 5.4 |
2017-08-08 | CVE-2017-10000 | Improper Privilege Management vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). | 7.7 |
2017-08-08 | CVE-2017-9940 | Improper Privilege Management vulnerability in Siemens Sipass Integrated 2.65 A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. | 8.1 |
2017-08-07 | CVE-2017-7916 | Improper Privilege Management vulnerability in ABB Vsn300 Firmware and Vsn300 for React Firmware A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. | 6.5 |
2017-08-02 | CVE-2017-11438 | Improper Privilege Management vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. | 6.3 |
2017-07-30 | CVE-2017-11747 | Improper Privilege Management vulnerability in Tinyproxy Project Tinyproxy main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command. | 5.5 |
2017-07-27 | CVE-2017-11681 | Improper Privilege Management vulnerability in Project Hashtopussy Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. | 8.8 |
2017-07-20 | CVE-2017-11467 | Improper Privilege Management vulnerability in Orientdb OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. | 9.8 |