Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-10 | CVE-2018-1000866 | Improper Privilege Management vulnerability in multiple products A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM | 8.8 |
| 2018-12-10 | CVE-2018-1000865 | Improper Privilege Management vulnerability in multiple products A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. | 8.8 |
| 2018-12-05 | CVE-2018-19608 | Improper Privilege Management vulnerability in ARM Mbed TLS Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. | 4.7 |
| 2018-12-05 | CVE-2018-1941 | Improper Privilege Management vulnerability in IBM Campaign IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. | 7.8 |
| 2018-12-04 | CVE-2018-19853 | Improper Privilege Management vulnerability in Hitshop Project Hitshop 20140715 An issue was discovered in hitshop through 2014-07-15. | 8.8 |
| 2018-11-27 | CVE-2018-11912 | Improper Privilege Management vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access. | 7.8 |
| 2018-11-27 | CVE-2018-11911 | Improper Privilege Management vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. | 7.8 |
| 2018-11-21 | CVE-2018-19411 | Improper Privilege Management vulnerability in Paessler Prtg Network Monitor PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | 8.8 |
| 2018-11-14 | CVE-2018-6080 | Improper Privilege Management vulnerability in multiple products Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . | 6.5 |
| 2018-11-14 | CVE-2018-3635 | Improper Privilege Management vulnerability in Intel Rapid Storage Technology Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | 7.8 |