Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-05 | CVE-2018-19725 | Improper Privilege Management vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. | 9.8 |
| 2019-02-25 | CVE-2018-5839 | Improper Privilege Management vulnerability in Qualcomm products Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130. | 7.1 |
| 2019-02-20 | CVE-2019-3475 | Improper Privilege Management vulnerability in Microfocus Filr 3.0 A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. | 7.8 |
| 2019-02-19 | CVE-2019-5768 | Improper Privilege Management vulnerability in multiple products DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | 6.5 |
| 2019-01-15 | CVE-2017-6924 | Improper Privilege Management vulnerability in Drupal In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. | 7.4 |
| 2019-01-14 | CVE-2018-16888 | Improper Privilege Management vulnerability in multiple products It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. | 4.7 |
| 2019-01-09 | CVE-2018-0671 | Improper Privilege Management vulnerability in MNC Inplc-Rt 3.08 Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. | 6.7 |
| 2018-12-28 | CVE-2018-1000624 | Improper Privilege Management vulnerability in Battelle V2I HUB 2.5.1 Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. | 7.5 |
| 2018-12-21 | CVE-2018-20193 | Improper Privilege Management vulnerability in Pulsesecure Secure Access Series SSL VPN Sa-4000 4.2/5.1R5 Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). | 8.8 |
| 2018-12-20 | CVE-2018-15331 | Improper Privilege Management vulnerability in F5 Big-Ip Application Acceleration Manager On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. | 7.8 |