Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2017-03-19 CVE-2017-5623 Improper Privilege Management vulnerability in Oneplus Oxygenos
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices.
low complexity
oneplus CWE-269
6.6
2017-03-17 CVE-2017-6954 Improper Privilege Management vulnerability in Buddypress
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress.
network
low complexity
buddypress CWE-269
4.3
2017-03-12 CVE-2017-5624 Improper Privilege Management vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T.
network
low complexity
oneplus CWE-269
critical
9.8
2017-03-08 CVE-2017-1150 Improper Privilege Management vulnerability in IBM DB2 10.1/10.5/11.1
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view.
network
high complexity
ibm CWE-269
3.1
2017-03-02 CVE-2017-6401 Improper Privilege Management vulnerability in Veritas Netbackup and Netbackup Appliance
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0.
local
low complexity
veritas CWE-269
7.8
2017-02-27 CVE-2017-6342 Improper Privilege Management vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware
An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19.
network
low complexity
dahuasecurity CWE-269
critical
9.8
2017-02-15 CVE-2017-0310 Improper Privilege Management vulnerability in Nvidia GPU Driver
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.
local
low complexity
nvidia CWE-269
6.5
2017-02-13 CVE-2017-5142 Improper Privilege Management vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-269
critical
9.1
2017-02-09 CVE-2017-5940 Improper Privilege Management vulnerability in Firejail Project Firejail
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
local
low complexity
firejail-project CWE-269
8.8
2017-01-30 CVE-2017-5572 Improper Privilege Management vulnerability in Citrix Xenserver
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0.
network
low complexity
citrix CWE-269
6.5