Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-06 | CVE-2020-8275 | Improper Privilege Management vulnerability in Citrix Secure Mail: Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. | 4.3 |
2021-01-04 | CVE-2020-36156 | Improper Privilege Management vulnerability in Ultimatemember Ultimate Member: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. | 8.8 |
2021-01-04 | CVE-2020-36155 | Improper Privilege Management vulnerability in Ultimatemember Ultimate Member: An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. | 9.8 |
2020-12-27 | CVE-2020-8290 | Improper Privilege Management vulnerability in Backblaze: Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. | 7.8 |
2020-12-23 | CVE-2020-25194 | Improper Privilege Management vulnerability in Moxa Nport Iaw5000A-I/O Firmware: The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. | 8.8 |
2020-12-22 | CVE-2020-25106 | Improper Privilege Management vulnerability in Supremocontrol Supremo 4.1.3.2348: Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. | 7.8 |
2020-12-17 | CVE-2020-12519 | Improper Privilege Management vulnerability in Phoenixcontact Plcnext Firmware: On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. | 9.8 |
2020-12-15 | CVE-2020-29481 | Improper Privilege Management vulnerability in multiple products: An issue was discovered in Xen through 4.14.x. | 8.8 |
2020-12-14 | CVE-2020-8283 | Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop: An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | 8.8 |
2020-12-14 | CVE-2020-8258 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In 12.158/13.061.48: Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | 7.5 |