Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-22 | CVE-2022-1108 | Improper Privilege Management vulnerability in Lenovo Thinkpad X1 Fold GEN 1 Firmware. A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2022-04-19 | CVE-2021-3100 | Improper Privilege Management vulnerability in Amazon Log4Jhotpatch. The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | 8.8 |
2022-04-19 | CVE-2021-3101 | Improper Privilege Management vulnerability in Hotdog Project Hotdog. Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. | 8.8 |
2022-04-19 | CVE-2022-0070 | Improper Privilege Management vulnerability in Amazon Log4Jhotpatch. Incomplete fix for CVE-2021-3100. | 8.8 |
2022-04-19 | CVE-2022-0071 | Improper Privilege Management vulnerability in Hotdog Project Hotdog. Incomplete fix for CVE-2021-3101. | 8.8 |
2022-04-15 | CVE-2022-20739 | Improper Privilege Management vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage. A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. | 7.3 |
2022-04-13 | CVE-2022-1332 | Improper Privilege Management vulnerability in Mattermost Server. One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and the contents of the server config.json file. | 4.3 |
2022-04-12 | CVE-2022-23160 | Improper Privilege Management vulnerability in Dell EMC Powerscale Onefs. Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. | 4.3 |
2022-04-12 | CVE-2021-39797 | Improper Privilege Management vulnerability in Google Android 12.0/12.1. In several functions of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. | 7.8 |
2022-04-12 | CVE-2021-39807 | Improper Privilege Management vulnerability in Google Android. In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. | 7.8 |