Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2018-12-05 CVE-2018-19608 Improper Privilege Management vulnerability in ARM Mbed TLS
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
local
high complexity
arm CWE-269
4.7
2018-12-05 CVE-2018-1941 Improper Privilege Management vulnerability in IBM Campaign
IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the application not validating access permissions.
local
low complexity
ibm CWE-269
7.8
2018-12-04 CVE-2018-19853 Improper Privilege Management vulnerability in Hitshop Project Hitshop 20140715
An issue was discovered in hitshop through 2014-07-15.
network
low complexity
hitshop-project CWE-269
8.8
2018-11-27 CVE-2018-11912 Improper Privilege Management vulnerability in Google Android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of daemons may lead to unprivileged access.
local
low complexity
google CWE-269
7.8
2018-11-27 CVE-2018-11911 Improper Privilege Management vulnerability in Google Android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of script may lead to unprivileged access.
local
low complexity
google CWE-269
7.8
2018-11-21 CVE-2018-19411 Improper Privilege Management vulnerability in Paessler Prtg Network Monitor
PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.
network
low complexity
paessler CWE-269
8.8
2018-11-14 CVE-2018-6080 Improper Privilege Management vulnerability in multiple products
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes.
network
low complexity
google redhat debian CWE-269
6.5
2018-11-14 CVE-2018-3635 Improper Privilege Management vulnerability in Intel Rapid Storage Technology
Insufficient input validation in the installer in Intel Rapid Storage Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.
local
low complexity
intel CWE-269
7.8
2018-11-13 CVE-2018-2481 Improper Privilege Management vulnerability in SAP Advanced Business Application Programming
In some SAP standard roles in SAP_ABA versions 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, and 75C to 75D, a transaction code reserved for customers is used.
network
low complexity
sap CWE-269
7.2
2018-11-02 CVE-2018-15762 Improper Privilege Management vulnerability in Pivotal Software Operations Manager
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation.
network
low complexity
pivotal-software CWE-269
8.8