Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-24 | CVE-2019-1454 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 3.6 |
| 2020-01-24 | CVE-2018-8654 | Improper Privilege Management vulnerability in Microsoft Dynamics 365 8.0 An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | 4.0 |
| 2020-01-24 | CVE-2012-6302 | Improper Privilege Management vulnerability in Soapbox Project Soapbox 0.3.1 Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | 7.2 |
| 2020-01-23 | CVE-2012-4606 | Improper Privilege Management vulnerability in Citrix Xenserver Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | 4.6 |
| 2020-01-23 | CVE-2020-7941 | Improper Privilege Management vulnerability in Plone A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 7.5 |
| 2020-01-23 | CVE-2020-7938 | Improper Privilege Management vulnerability in Plone 5.2.0/5.2.1 plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | 6.5 |
| 2020-01-23 | CVE-2019-18899 | Improper Privilege Management vulnerability in multiple products The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. | 5.5 |
| 2020-01-23 | CVE-2019-17202 | Improper Privilege Management vulnerability in Fasttracksoftware Admin BY Request FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. | 7.8 |
| 2020-01-23 | CVE-2013-6773 | Improper Privilege Management vulnerability in Splunk Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | 4.6 |
| 2020-01-22 | CVE-2018-16272 | Improper Privilege Management vulnerability in Samsung products The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. | 7.5 |