Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-18 | CVE-2013-3323 | Improper Privilege Management vulnerability in IBM products A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | 6.8 |
| 2020-02-17 | CVE-2020-9043 | Improper Privilege Management vulnerability in Wpcentral The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. | 9.0 |
| 2020-02-17 | CVE-2020-9024 | Improper Privilege Management vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. | 10.0 |
| 2020-02-14 | CVE-2019-6195 | Improper Privilege Management vulnerability in Lenovo Xclarity Controller 1.71Psi328N/3.01Tei392O An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. | 2.1 |
| 2020-02-13 | CVE-2020-0563 | Improper Privilege Management vulnerability in Intel Manycore Platform Software Stack Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-02-13 | CVE-2014-4170 | Improper Privilege Management vulnerability in Freereprintables Articlefr 3.0.4 A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | 7.5 |
| 2020-02-13 | CVE-2020-0015 | Improper Privilege Management vulnerability in Google Android In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. | 4.4 |
| 2020-02-11 | CVE-2020-0757 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'. | 7.2 |
| 2020-02-11 | CVE-2020-0754 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 4.6 |
| 2020-02-11 | CVE-2020-0753 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 4.6 |