Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-08-08 | CVE-2017-9940 | Improper Privilege Management vulnerability in Siemens Sipass Integrated 2.65 | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. | 8.1 |
2017-08-07 | CVE-2017-7916 | Improper Privilege Management vulnerability in ABB Vsn300 Firmware and Vsn300 for React Firmware | A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. | 6.5 |
2017-08-02 | CVE-2017-11438 | Improper Privilege Management vulnerability in Gitlab | GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. | 6.3 |
2017-07-30 | CVE-2017-11747 | Improper Privilege Management vulnerability in Tinyproxy Project Tinyproxy | main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command. | 5.5 |
2017-07-27 | CVE-2017-11681 | Improper Privilege Management vulnerability in Project Hashtopussy | Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. | 8.8 |
2017-07-20 | CVE-2017-11467 | Improper Privilege Management vulnerability in Orientdb | OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. | 9.8 |
2017-07-17 | CVE-2017-7532 | Improper Privilege Management vulnerability in Moodle | In Moodle 3.x, course creators are able to change system default settings for courses. | 6.5 |
2017-07-17 | CVE-2017-11361 | Improper Privilege Management vulnerability in Intenogroup Inteno Router Firmware | Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. | 8.8 |
2017-07-17 | CVE-2017-1000003 | Improper Privilege Management vulnerability in Atutor | ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. | 9.8 |
2017-07-10 | CVE-2017-8032 | Improper Privilege Management vulnerability in multiple products | In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. | 6.6 |