Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-5823 | Improper Privilege Management vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
2020-02-11 | CVE-2020-5822 | Improper Privilege Management vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
2020-02-11 | CVE-2020-5820 | Improper Privilege Management vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
2020-02-07 | CVE-2020-8808 | Improper Privilege Management vulnerability in Corsair Icue 3.12.118/3.20.80/3.23.66 The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. | 7.2 |
2020-02-07 | CVE-2020-8126 | Improper Privilege Management vulnerability in UI Edgeswitch A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15). | 7.2 |
2020-02-07 | CVE-2020-8655 | Improper Privilege Management vulnerability in Eyesofnetwork 5.30 An issue was discovered in EyesOfNetwork 5.3. | 9.3 |
2020-02-06 | CVE-2015-2909 | Improper Privilege Management vulnerability in Netvu products Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. | 10.0 |
2020-02-06 | CVE-2016-9928 | Improper Privilege Management vulnerability in multiple products MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | 5.8 |
2020-02-04 | CVE-2015-3613 | Improper Privilege Management vulnerability in Fortinet Fortimanager A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | 7.5 |
2020-02-04 | CVE-2020-7221 | Improper Privilege Management vulnerability in Mariadb mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. | 7.2 |