Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-1698 | Improper Privilege Management vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
| 2021-02-23 | CVE-2021-26594 | Improper Privilege Management vulnerability in Rangerstudio Directus In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. | 8.8 |
| 2021-02-23 | CVE-2021-25630 | Improper Privilege Management vulnerability in Collaboraoffice Online "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. | 7.2 |
| 2021-02-19 | CVE-2020-27997 | Improper Privilege Management vulnerability in Smartstore Smartstorenet An issue was discovered in SmartStoreNET before 4.1.0. | 6.8 |
| 2021-02-19 | CVE-2020-36251 | Improper Privilege Management vulnerability in Owncloud ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | 4.0 |
| 2021-02-19 | CVE-2020-36246 | Improper Privilege Management vulnerability in Amaze File Manager Project Amaze File Manager Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | 7.2 |
| 2021-02-16 | CVE-2021-20075 | Improper Privilege Management vulnerability in Racom M!Dge Firmware 4.4.40.105 Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. | 7.2 |
| 2021-02-16 | CVE-2020-11635 | Improper Privilege Management vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | 7.2 |
| 2021-02-16 | CVE-2020-35557 | Improper Privilege Management vulnerability in multiple products An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation. | 6.5 |
| 2021-02-15 | CVE-2020-29031 | Improper Privilege Management vulnerability in Secomea products An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. | 5.5 |