Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-32696 Improper Privilege Management vulnerability in Okfn Ckan
CKAN is an open-source data management system for powering data hubs and data portals.
network
low complexity
okfn CWE-269
8.8
2023-05-30 CVE-2023-30601 Improper Privilege Management vulnerability in Apache Cassandra 4.0.0/4.0.1/4.0.2
Privilege escalation when enabling FQL/Audit logs allows a user with JMX access to run arbitrary commands as the user running Apache Cassandra. This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND: The vulnerability requires nodetool/JMX access to be exploitable; disable access for any non-trusted users. MITIGATION: Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
local
low complexity
apache CWE-269
7.8
2023-05-22 CVE-2023-31062 Improper Privilege Management vulnerability in Apache Inlong
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.
network
low complexity
apache CWE-269
critical
9.8
2023-05-20 CVE-2023-1693 Improper Privilege Management vulnerability in Huawei Emui and Harmonyos
The Settings module has a file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
network
low complexity
huawei CWE-269
7.5
2023-05-20 CVE-2023-1694 Improper Privilege Management vulnerability in Huawei Emui and Harmonyos
The Settings module has a file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
network
low complexity
huawei CWE-269
7.5
2023-05-12 CVE-2023-29819 Improper Privilege Management vulnerability in Webroot Secureanywhere
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.
local
low complexity
webroot CWE-269
5.5
2023-05-09 CVE-2020-23362 Improper Privilege Management vulnerability in Yershop Project Yershop
Insecure Permissions vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.
network
low complexity
yershop-project CWE-269
7.1
2023-05-09 CVE-2023-25834 Improper Privilege Management vulnerability in Esri Portal for Arcgis
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases.
network
low complexity
esri CWE-269
5.4
2023-05-04 CVE-2023-22651 Improper Privilege Management vulnerability in Suse Rancher
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation.
network
low complexity
suse CWE-269
critical
9.9
2023-04-28 CVE-2023-1966 Improper Privilege Management vulnerability in Illumina products
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability.
network
low complexity
illumina CWE-269
critical
9.8