Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2019-10144 Improper Privilege Management vulnerability in Redhat RKT
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`.
local
low complexity
redhat CWE-269
7.7
2019-05-29 CVE-2019-11896 Improper Privilege Management vulnerability in Bosch Smart Home Controller Firmware 9.8.905
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions.
high complexity
bosch CWE-269
7.1
2019-05-29 CVE-2019-11893 Improper Privilege Management vulnerability in Bosch Smart Home Controller Firmware
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions.
low complexity
bosch CWE-269
8.0
2019-05-29 CVE-2019-11891 Improper Privilege Management vulnerability in Bosch Smart Home Controller Firmware
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing.
low complexity
bosch CWE-269
8.0
2019-05-28 CVE-2019-7394 Improper Privilege Management vulnerability in CA Risk Authentication and Strong Authentication
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
network
low complexity
ca CWE-269
8.8
2019-05-16 CVE-2019-1000 Improper Privilege Management vulnerability in Microsoft Azure Active Directory Connect
An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in the context of a privileged account, and perform privileged actions. To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'.
network
high complexity
microsoft CWE-269
5.3
2019-05-14 CVE-2019-0301 Improper Privilege Management vulnerability in SAP Identity Management 2.0
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
network
low complexity
sap CWE-269
8.8
2019-05-13 CVE-2019-11888 Improper Privilege Management vulnerability in Golang GO
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.
network
low complexity
golang CWE-269
critical
9.8
2019-05-03 CVE-2019-6617 Improper Privilege Management vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access.
network
low complexity
f5 CWE-269
6.5
2019-05-03 CVE-2019-3805 Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system.
local
high complexity
redhat CWE-269
4.7