Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-20 | CVE-2018-1973 | Improper Privilege Management vulnerability in IBM API Connect: IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. | 7.2 |
2018-12-12 | CVE-2018-8619 | Improper Privilege Management vulnerability in Microsoft Internet Explorer 10/11/9: A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
2018-12-12 | CVE-2018-10143 | Improper Privilege Management vulnerability in Paloaltonetworks Expedition 1.0.107: The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | 9.8 |
2018-12-11 | CVE-2018-18344 | Improper Privilege Management vulnerability in multiple products: Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. | 6.5 |
2018-12-10 | CVE-2018-1000866 | Improper Privilege Management vulnerability in multiple products: A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM. | 8.8 |
2018-12-10 | CVE-2018-1000865 | Improper Privilege Management vulnerability in multiple products: A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. | 8.8 |
2018-12-05 | CVE-2018-19608 | Improper Privilege Management vulnerability in ARM Mbed TLS: Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. | 4.7 |
2018-12-05 | CVE-2018-1941 | Improper Privilege Management vulnerability in IBM Campaign: IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the application not validating access permissions. | 7.8 |
2018-12-04 | CVE-2018-19853 | Improper Privilege Management vulnerability in Hitshop Project Hitshop 20140715: An issue was discovered in hitshop through 2014-07-15. | 8.8 |
2018-11-27 | CVE-2018-11912 | Improper Privilege Management vulnerability in Google Android: In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of daemons may lead to unprivileged access. | 7.8 |