Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2017-05-18 CVE-2017-6623 Improper Privilege Management vulnerability in Cisco Policy Suite 10.0.0/10.1.0/11.0.0
A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root.
local
low complexity
cisco CWE-269
7.8
2017-05-15 CVE-2017-7489 Improper Privilege Management vulnerability in Moodle
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
network
low complexity
moodle CWE-269
6.3
2017-05-08 CVE-2017-4982 Improper Privilege Management vulnerability in EMC Mainframe Enablers Resourcepak Base 7.6.0/8.0.0/8.1.0
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-269
critical
9.8
2017-04-29 CVE-2017-8114 Improper Privilege Management vulnerability in Roundcube Webmail
Roundcube Webmail allows arbitrary password resets by authenticated users.
network
low complexity
roundcube CWE-269
8.8
2017-04-28 CVE-2017-2094 Improper Privilege Management vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
network
low complexity
cybozu CWE-269
4.3
2017-04-27 CVE-2017-8308 Improper Privilege Management vulnerability in Avast Antivirus
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product.
network
low complexity
avast CWE-269
7.5
2017-04-04 CVE-2017-0360 Improper Privilege Management vulnerability in Tryton
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack.
network
high complexity
tryton CWE-269
5.3
2017-03-29 CVE-2017-5671 Improper Privilege Management vulnerability in Honeywell products
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
local
low complexity
honeywell CWE-269
8.8
2017-03-24 CVE-2017-6507 Improper Privilege Management vulnerability in multiple products
An issue was discovered in AppArmor before 2.12.
network
high complexity
apparmor canonical CWE-269
5.9
2017-03-23 CVE-2017-5207 Improper Privilege Management vulnerability in Firejail Project Firejail
Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.
local
low complexity
firejail-project CWE-269
7.8