Vulnerabilities > Improper Privilege Management

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-06-18 | CVE-2018-9021 | Improper Privilege Management vulnerability in Broadcom Privileged Access Manager | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | network | low complexity | broadcom | CWE-269 | critical 9.8 |
| 2018-06-16 | CVE-2018-5756 | Improper Privilege Management vulnerability in Open-Xchange Appsuite | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks. | network | low complexity | open-xchange | CWE-269 | 4.3 |
| 2018-06-15 | CVE-2018-1460 | Improper Privilege Management vulnerability in IBM Puredata System for Analytics 1.0.0 | IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. | local | low complexity | ibm | CWE-269 | 7.8 |
| 2018-06-12 | CVE-2018-12261 | Improper Privilege Management vulnerability in Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. | local | low complexity | apollotechnologiesinc | CWE-269 | 4.4 |
| 2018-06-11 | CVE-2018-5166 | Improper Privilege Management vulnerability in multiple products | WebExtensions can use request redirection and a "filterResponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. | network | low complexity | canonical, mozilla | CWE-269 | 7.5 |
| 2018-06-11 | CVE-2017-7803 | Improper Privilege Management vulnerability in multiple products | When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. | network | low complexity | redhat, debian, mozilla | CWE-269 | 7.5 |
| 2018-06-11 | CVE-2017-7782 | Improper Privilege Management vulnerability in Mozilla Firefox | An error in the "WindowsDllDetourPatcher" where an RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. | network | low complexity | mozilla | CWE-269 | 5.3 |
| 2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox | The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | local | low complexity | mozilla | CWE-269 | 5.5 |
| 2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox | The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | local | low complexity | mozilla | CWE-269 | 5.5 |
| 2018-06-02 | CVE-2018-11190 | Improper Privilege Management vulnerability in Quest Disk Backup | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | network | low complexity | quest | CWE-269 | 8.8 |