Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2019-18822 Improper Privilege Management vulnerability in Eleveo Call Recording 6.3.1
A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the [email protected].
network
low complexity
eleveo CWE-269
critical
9.0
2020-04-12 CVE-2020-11708 Improper Privilege Management vulnerability in Provideserver Provide FTP Server 13.1
An issue was discovered in ProVide (formerly zFTPServer) through 13.1.
network
low complexity
provideserver CWE-269
critical
9.8
2020-04-10 CVE-2020-4362 Improper Privilege Management vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.
network
low complexity
ibm CWE-269
6.5
2020-04-09 CVE-2020-10551 Improper Privilege Management vulnerability in Tencent Qqbrowser
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe.
local
low complexity
tencent CWE-269
7.2
2020-04-08 CVE-2020-8828 Improper Privilege Management vulnerability in Linuxfoundation Argo Continuous Delivery
As of v1.5.0, the default admin password is set to the argocd-server pod name.
network
low complexity
linuxfoundation CWE-269
6.5
2020-04-08 CVE-2020-1885 Improper Privilege Management vulnerability in Oculus Desktop
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file.
local
low complexity
oculus CWE-269
4.6
2020-04-08 CVE-2020-1991 Improper Privilege Management vulnerability in Paloaltonetworks Traps
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files.
local
low complexity
paloaltonetworks CWE-269
3.6
2020-04-08 CVE-2020-1989 Improper Privilege Management vulnerability in Paloaltonetworks Globalprotect 5.0/5.0.4/5.1
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system.
local
low complexity
paloaltonetworks CWE-269
7.2
2020-04-07 CVE-2020-5302 Improper Privilege Management vulnerability in Mh-Wikibot Project Mh-Wikibot
MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in.
network
low complexity
mh-wikibot-project CWE-269
6.4
2020-04-07 CVE-2020-11561 Improper Privilege Management vulnerability in Nchsoftware Express Invoice 7.25
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
network
low complexity
nchsoftware CWE-269
6.5