Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-23 | CVE-2017-14330 | Improper Privilege Management vulnerability in Extremenetworks Extremexos: Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | 6.7 |
2017-10-23 | CVE-2017-14329 | Improper Privilege Management vulnerability in Extremenetworks Extremexos: Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | 6.7 |
2017-10-19 | CVE-2017-10292 | Improper Privilege Management vulnerability in Oracle Database 11.2.0.4/12.1.0.2/12.2.0.1: Vulnerability in the RDBMS Security component of Oracle Database Server. | 2.3 |
2017-10-13 | CVE-2017-15014 | Improper Privilege Management vulnerability in Opentext Documentum Content Server 7.3: OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. | 4.3 |
2017-10-13 | CVE-2017-15013 | Improper Privilege Management vulnerability in Opentext Documentum Content Server 7.3: OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. | 8.8 |
2017-10-12 | CVE-2017-10857 | Improper Privilege Management vulnerability in Cybozu Office: Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | 4.3 |
2017-10-11 | CVE-2017-5722 | Improper Privilege Management vulnerability in Intel products: Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | 7.5 |
2017-10-10 | CVE-2017-13721 | Improper Privilege Management vulnerability in multiple products: In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | 4.7 |
2017-10-05 | CVE-2017-12728 | Improper Privilege Management vulnerability in Spidercontrol Scada Webserver 2.02.0007: An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. | 7.8 |
2017-10-05 | CVE-2017-1000104 | Improper Privilege Management vulnerability in Jenkins Config File Provider: The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. | 6.5 |