Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2019-3466 | Improper Privilege Management vulnerability in multiple products The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | 7.8 |
| 2019-11-19 | CVE-2011-3349 | Improper Privilege Management vulnerability in Lightdm Project Lightdm lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. | 7.8 |
| 2019-11-19 | CVE-2011-4954 | Improper Privilege Management vulnerability in Cobblerd Cobbler cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE | 7.8 |
| 2019-11-15 | CVE-2018-18368 | Improper Privilege Management vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
| 2019-11-15 | CVE-2011-2910 | Improper Privilege Management vulnerability in multiple products The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. | 6.7 |
| 2019-11-14 | CVE-2019-15799 | Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 8.8 |
| 2019-11-14 | CVE-2019-14590 | Improper Privilege Management vulnerability in multiple products Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2019-11-14 | CVE-2019-15332 | Improper Privilege Management vulnerability in Lavamobiles Z61 Firmware The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
| 2019-11-13 | CVE-2019-3651 | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | 8.8 |
| 2019-11-13 | CVE-2010-4664 | Improper Privilege Management vulnerability in multiple products In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. | 8.8 |