Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5166 | Improper Privilege Management vulnerability in multiple products WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. | 7.5 |
| 2018-06-11 | CVE-2017-7803 | Improper Privilege Management vulnerability in multiple products When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. | 7.5 |
| 2018-06-11 | CVE-2017-7782 | Improper Privilege Management vulnerability in Mozilla Firefox An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. | 5.3 |
| 2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | 5.5 |
| 2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | 5.5 |
| 2018-06-02 | CVE-2018-11190 | Improper Privilege Management vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | 8.8 |
| 2018-05-29 | CVE-2018-1495 | Improper Privilege Management vulnerability in IBM Flashsystem 840 Firmware and Flashsystem 900 Firmware IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. | 6.5 |
| 2018-05-25 | CVE-2018-1134 | Improper Privilege Management vulnerability in Moodle An issue was discovered in Moodle 3.x. | 6.5 |
| 2018-05-24 | CVE-2017-14187 | Improper Privilege Management vulnerability in Fortinet Fortios A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | 6.2 |
| 2018-05-22 | CVE-2018-11323 | Improper Privilege Management vulnerability in Joomla Joomla! An issue was discovered in Joomla! Core before 3.8.8. | 8.8 |