Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-27 | CVE-2013-2625 | Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. | 6.5 |
| 2019-11-26 | CVE-2019-7319 | Improper Privilege Management vulnerability in Cloudera CDH 6.0.0/6.0.1/6.1.0 An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. | 8.3 |
| 2019-11-26 | CVE-2017-7399 | Improper Privilege Management vulnerability in Cloudera Manager Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users. | 8.8 |
| 2019-11-26 | CVE-2015-7831 | Improper Privilege Management vulnerability in Cloudera CDH In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. | 8.8 |
| 2019-11-25 | CVE-2012-6639 | Improper Privilege Management vulnerability in multiple products An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | 8.8 |
| 2019-11-25 | CVE-2019-13705 | Improper Privilege Management vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | 4.3 |
| 2019-11-25 | CVE-2019-13702 | Improper Privilege Management vulnerability in multiple products Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. | 7.8 |
| 2019-11-25 | CVE-2012-5617 | Improper Privilege Management vulnerability in multiple products gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | 7.8 |
| 2019-11-20 | CVE-2019-3466 | Improper Privilege Management vulnerability in multiple products The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | 7.8 |
| 2019-11-19 | CVE-2011-3349 | Improper Privilege Management vulnerability in Lightdm Project Lightdm lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. | 7.8 |