Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7782 | Improper Privilege Management vulnerability in Mozilla Firefox An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. | 5.3 |
| 2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | 5.5 |
| 2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | 5.5 |
| 2018-06-02 | CVE-2018-11190 | Improper Privilege Management vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | 8.8 |
| 2018-05-29 | CVE-2018-1495 | Improper Privilege Management vulnerability in IBM Flashsystem 840 Firmware and Flashsystem 900 Firmware IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. | 6.5 |
| 2018-05-25 | CVE-2018-1134 | Improper Privilege Management vulnerability in Moodle An issue was discovered in Moodle 3.x. | 6.5 |
| 2018-05-24 | CVE-2017-14187 | Improper Privilege Management vulnerability in Fortinet Fortios A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | 6.2 |
| 2018-05-22 | CVE-2018-11323 | Improper Privilege Management vulnerability in Joomla Joomla! An issue was discovered in Joomla! Core before 3.8.8. | 8.8 |
| 2018-05-18 | CVE-2018-1000400 | Improper Privilege Management vulnerability in Kubernetes Cri-O Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. | 8.8 |
| 2018-05-15 | CVE-2018-8841 | Improper Privilege Management vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. | 7.8 |