Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2017-09-30 CVE-2017-14349 Improper Privilege Management vulnerability in HP Sitescope
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
network
low complexity
hp CWE-269
critical
9.8
2017-09-29 CVE-2017-8448 Improper Privilege Management vulnerability in Elastic X-Pack
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.
network
low complexity
elastic CWE-269
8.8
2017-09-29 CVE-2017-8447 Improper Privilege Management vulnerability in Elastic X-Pack
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement.
network
low complexity
elastic CWE-269
6.5
2017-09-21 CVE-2017-9724 Improper Privilege Management vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory; specifically, the ION cache maintenance code writes to a user-supplied address.
local
low complexity
google CWE-269
7.8
2017-09-15 CVE-2017-14484 Improper Privilege Management vulnerability in Gentoo Sci-Mathematics-Gimps 28.10
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
local
low complexity
gentoo CWE-269
7.3
2017-09-13 CVE-2017-14124 Improper Privilege Management vulnerability in Unicon-Software RP
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR, when classic desktop mode is used, it is possible to start applications other than those defined, even if the user does not have permission to change application definitions.
local
high complexity
unicon-software CWE-269
6.3
2017-09-11 CVE-2017-14312 Improper Privilege Management vulnerability in Nagios Core
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
local
low complexity
nagios CWE-269
7.8
2017-09-07 CVE-2016-0732 Improper Privilege Management vulnerability in multiple products
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
network
low complexity
cloudfoundry pivotal CWE-269
8.8
2017-08-29 CVE-2017-12422 Improper Privilege Management vulnerability in Netapp Storagegrid Webscale
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.
network
low complexity
netapp CWE-269
6.5
2017-08-27 CVE-2017-13707 Improper Privilege Management vulnerability in Axcient Replibit 2017.05.11
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution.
network
low complexity
axcient CWE-269
critical
9.8