Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-11911 | Improper Privilege Management vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. | 7.8 |
| 2018-11-21 | CVE-2018-19411 | Improper Privilege Management vulnerability in Paessler Prtg Network Monitor PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | 8.8 |
| 2018-11-14 | CVE-2018-6080 | Improper Privilege Management vulnerability in multiple products Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . | 6.5 |
| 2018-11-14 | CVE-2018-3635 | Improper Privilege Management vulnerability in Intel Rapid Storage Technology Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | 7.8 |
| 2018-11-13 | CVE-2018-2481 | Improper Privilege Management vulnerability in SAP Advanced Business Application Programming In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. | 7.2 |
| 2018-11-02 | CVE-2018-15762 | Improper Privilege Management vulnerability in Pivotal Software Operations Manager Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. | 8.8 |
| 2018-10-31 | CVE-2018-15321 | Improper Privilege Management vulnerability in F5 products When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. | 4.9 |
| 2018-10-23 | CVE-2018-14828 | Improper Privilege Management vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | 7.8 |
| 2018-10-23 | CVE-2018-13400 | Improper Privilege Management vulnerability in Atlassian Jira Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 4.7 |
| 2018-10-15 | CVE-2018-15592 | Improper Privilege Management vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | 7.8 |