Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-13 | CVE-2021-25250 | Improper Privilege Management vulnerability in Trendmicro Apex ONE and Officescan An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. | 7.2 |
| 2021-04-12 | CVE-2020-15390 | Improper Privilege Management vulnerability in Pega Platform 8.4.0.237 pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. | 7.5 |
| 2021-04-09 | CVE-2021-25363 | Improper Privilege Management vulnerability in Google Android An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | 3.6 |
| 2021-04-09 | CVE-2021-25362 | Improper Privilege Management vulnerability in Google Android 10.0/8.1/9.0 An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | 3.6 |
| 2021-04-09 | CVE-2021-20021 | Improper Privilege Management vulnerability in Sonicwall Email Security and Hosted Email Security A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | 7.5 |
| 2021-04-09 | CVE-2021-30152 | Improper Privilege Management vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
| 2021-04-08 | CVE-2020-23426 | Improper Privilege Management vulnerability in Zzcms 201910 zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | 7.5 |
| 2021-04-07 | CVE-2021-26758 | Improper Privilege Management vulnerability in Litespeedtech Openlitespeed 1.7.8 Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. | 9.0 |
| 2021-04-06 | CVE-2021-20334 | Improper Privilege Management vulnerability in Mongodb Compass A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. | 4.6 |
| 2021-04-05 | CVE-2021-24207 | Improper Privilege Management vulnerability in Themeum WP Page Builder By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. | 4.0 |