Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-14215 Improper Privilege Management vulnerability in Zulip Server
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
network
low complexity
zulip CWE-269
7.5
2020-08-21 CVE-2020-14194 Improper Privilege Management vulnerability in Zulip Server
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
network
low complexity
zulip CWE-269
5.4
2020-08-20 CVE-2020-15862 Improper Privilege Management vulnerability in multiple products
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
local
low complexity
net-snmp canonical netapp CWE-269
7.8
2020-08-18 CVE-2020-7019 Improper Privilege Management vulnerability in Elastic Elasticsearch
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security.
network
low complexity
elastic CWE-269
6.5
2020-08-18 CVE-2020-7018 Improper Privilege Management vulnerability in Elastic Enterprise Search
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface.
network
low complexity
elastic CWE-269
8.8
2020-08-17 CVE-2020-1488 Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges.
local
high complexity
microsoft CWE-269
7.0
2020-08-14 CVE-2015-8032 Improper Privilege Management vulnerability in Textpattern 4.5.7
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
network
low complexity
textpattern CWE-269
5.3
2020-08-13 CVE-2020-24331 Improper Privilege Management vulnerability in multiple products
An issue was discovered in TrouSerS through 0.3.14.
local
low complexity
trousers-project fedoraproject CWE-269
7.8
2020-08-13 CVE-2020-24330 Improper Privilege Management vulnerability in multiple products
An issue was discovered in TrouSerS through 0.3.14.
local
low complexity
trousers-project fedoraproject CWE-269
7.8
2020-08-13 CVE-2020-7305 Improper Privilege Management vulnerability in Mcafee Data Loss Prevention
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.
network
low complexity
mcafee CWE-269
6.5