Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-15331 | Improper Privilege Management vulnerability in F5 Big-Ip Application Acceleration Manager On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. | 7.8 |
| 2018-12-20 | CVE-2018-11965 | Improper Privilege Management vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. | 7.8 |
| 2018-12-20 | CVE-2018-1973 | Improper Privilege Management vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. | 7.2 |
| 2018-12-12 | CVE-2018-8619 | Improper Privilege Management vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
| 2018-12-12 | CVE-2018-10143 | Improper Privilege Management vulnerability in Paloaltonetworks Expedition 1.0.107 The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | 9.8 |
| 2018-12-11 | CVE-2018-18344 | Improper Privilege Management vulnerability in multiple products Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. | 6.5 |
| 2018-12-10 | CVE-2018-1000866 | Improper Privilege Management vulnerability in multiple products A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM | 8.8 |
| 2018-12-10 | CVE-2018-1000865 | Improper Privilege Management vulnerability in multiple products A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. | 8.8 |
| 2018-12-05 | CVE-2018-19608 | Improper Privilege Management vulnerability in ARM Mbed TLS Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. | 4.7 |
| 2018-12-05 | CVE-2018-1941 | Improper Privilege Management vulnerability in IBM Campaign IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. | 7.8 |