Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2018-10-01 CVE-2015-9267 Improper Privilege Management vulnerability in multiple products
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files.
local
low complexity
nullsoft debian CWE-269
5.5
2018-09-26 CVE-2018-1550 Improper Privilege Management vulnerability in IBM products
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users.
local
low complexity
ibm CWE-269
5.5
2018-09-18 CVE-2018-11786 Improper Privilege Management vulnerability in Apache Karaf
In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access.
network
low complexity
apache CWE-269
8.8
2018-09-11 CVE-2018-10853 Improper Privilege Management vulnerability in multiple products
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor.
local
low complexity
canonical debian linux CWE-269
7.8
2018-08-30 CVE-2018-10514 Improper Privilege Management vulnerability in Trendmicro products
A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations.
local
low complexity
trendmicro CWE-269
7.8
2018-08-29 CVE-2018-15912 Improper Privilege Management vulnerability in Manjaro Linux
An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux.
local
low complexity
manjaro CWE-269
7.8
2018-08-23 CVE-2018-14791 Improper Privilege Management vulnerability in Emerson Deltav
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.
local
low complexity
emerson CWE-269
7.8
2018-08-22 CVE-2018-14787 Improper Privilege Management vulnerability in Philips Intellispace Cardiovascular and Xcelera
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions.
local
low complexity
philips CWE-269
7.8
2018-08-20 CVE-2018-1000648 Improper Privilege Management vulnerability in Librehealth EHR 2.0.0
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution.
network
low complexity
librehealth CWE-269
8.8
2018-08-20 CVE-2018-1000634 Improper Privilege Management vulnerability in Openmicroscopy Omero
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator.
network
low complexity
openmicroscopy CWE-269
7.2