Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-7532 Improper Privilege Management vulnerability in Moodle
In Moodle 3.x, course creators are able to change system default settings for courses.
network
low complexity
moodle CWE-269
6.5
2017-07-17 CVE-2017-11361 Improper Privilege Management vulnerability in Intenogroup Inteno Router Firmware
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus.
network
low complexity
intenogroup CWE-269
8.8
2017-07-17 CVE-2017-1000003 Improper Privilege Management vulnerability in Atutor
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation.
network
low complexity
atutor CWE-269
critical
9.8
2017-07-10 CVE-2017-8032 Improper Privilege Management vulnerability in multiple products
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12.
network
high complexity
pivotal-software cloudfoundry CWE-269
6.6
2017-07-10 CVE-2017-6732 Improper Privilege Management vulnerability in Cisco Prime Network
A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges.
local
low complexity
cisco CWE-269
6.7
2017-07-10 CVE-2017-6728 Improper Privilege Management vulnerability in Cisco IOS XR
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions.
local
high complexity
cisco CWE-269
7.0
2017-07-07 CVE-2017-1000082 Improper Privilege Management vulnerability in Systemd Project Systemd
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g.
network
low complexity
systemd-project CWE-269
critical
9.8
2017-06-22 CVE-2017-1326 Improper Privilege Management vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling File Gateway does not properly restrict user requests based on permission level.
network
low complexity
ibm CWE-269
4.3
2017-06-21 CVE-2017-7922 Improper Privilege Management vulnerability in Cambium Networks products
An Improper Privilege Management issue was discovered in Cambium Networks ePMP.
network
low complexity
cambium-networks CWE-269
7.6
2017-06-21 CVE-2017-7918 Improper Privilege Management vulnerability in Cambium Networks products
An Improper Access Control issue was discovered in Cambium Networks ePMP.
network
low complexity
cambium-networks CWE-269
6.8