Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-20 | CVE-2019-3466 | Improper Privilege Management vulnerability in multiple products The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | 7.2 |
2019-11-19 | CVE-2011-3349 | Improper Privilege Management vulnerability in Lightdm Project Lightdm lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. | 7.2 |
2019-11-19 | CVE-2011-4954 | Improper Privilege Management vulnerability in Cobblerd Cobbler cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE | 7.2 |
2019-11-18 | CVE-2019-5688 | Improper Privilege Management vulnerability in Nvidia Gpumodeswitch, Nvflash and Nvuflash NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service. | 7.2 |
2019-11-15 | CVE-2018-18368 | Improper Privilege Management vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
2019-11-15 | CVE-2011-2910 | Improper Privilege Management vulnerability in multiple products The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. | 7.2 |
2019-11-14 | CVE-2019-15799 | Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.0 |
2019-11-14 | CVE-2019-14590 | Improper Privilege Management vulnerability in multiple products Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2019-11-14 | CVE-2019-0142 | Improper Privilege Management vulnerability in Intel products Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.2 |
2019-11-14 | CVE-2019-15332 | Improper Privilege Management vulnerability in Lavamobiles Z61 Firmware The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |