Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-18 | CVE-2018-1000400 | Improper Privilege Management vulnerability in Kubernetes Cri-O Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. | 8.8 |
| 2018-05-15 | CVE-2018-8841 | Improper Privilege Management vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. | 7.8 |
| 2018-05-04 | CVE-2018-8853 | Improper Privilege Management vulnerability in Philips products Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. | 8.8 |
| 2018-05-03 | CVE-2018-10168 | Improper Privilege Management vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. | 8.8 |
| 2018-05-02 | CVE-2018-0245 | Improper Privilege Management vulnerability in Cisco Wireless LAN Controller Software 8.3(133.0)/8.5(105.0) A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. | 5.3 |
| 2018-04-30 | CVE-2018-10550 | Improper Privilege Management vulnerability in Octopus Deploy In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | 7.5 |
| 2018-04-20 | CVE-2018-10079 | Improper Privilege Management vulnerability in Vertiv Watchdog Console 3.2.2 Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml. | 7.8 |
| 2018-04-17 | CVE-2018-10190 | Improper Privilege Management vulnerability in Londontrustmedia Private Internet Access 77 A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. | 7.8 |
| 2018-04-16 | CVE-2018-10172 | Improper Privilege Management vulnerability in 7-Zip 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. | 8.8 |
| 2018-04-13 | CVE-2018-4173 | Improper Privilege Management vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.5 |