Vulnerabilities > Improper Privilege Management

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-05-04 | CVE-2018-8853 | Improper Privilege Management vulnerability in Philips products | Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. | local | low | philips | CWE-269 | 8.8 |
| 2018-05-03 | CVE-2018-10168 | Improper Privilege Management vulnerability in TP-Link EAP Controller 2.5.4/2.6.0 | TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. | network | low | tp-link | CWE-269 | 8.8 |
| 2018-05-02 | CVE-2018-0245 | Improper Privilege Management vulnerability in Cisco Wireless LAN Controller Software 8.3(133.0)/8.5(105.0) | A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. | network | low | cisco | CWE-269 | 5.3 |
| 2018-04-30 | CVE-2018-10550 | Improper Privilege Management vulnerability in Octopus Deploy | In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | network | low | octopus | CWE-269 | 7.5 |
| 2018-04-20 | CVE-2018-10079 | Improper Privilege Management vulnerability in Vertiv Watchdog Console 3.2.2 | Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml. | local | low | vertiv | CWE-269 | 7.8 |
| 2018-04-17 | CVE-2018-10190 | Improper Privilege Management vulnerability in Londontrustmedia Private Internet Access 77 | A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. | local | low | londontrustmedia | CWE-269 | 7.8 |
| 2018-04-16 | CVE-2018-10172 | Improper Privilege Management vulnerability in 7-Zip | 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. | local | low | 7-zip | CWE-269 | 8.8 |
| 2018-04-13 | CVE-2018-4173 | Improper Privilege Management vulnerability in Apple iPhone OS | An issue was discovered in certain Apple products. | local | low | apple | CWE-269 | 5.5 |
| 2018-04-13 | CVE-2017-0358 | Improper Privilege Management vulnerability in multiple products | Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. | local | low | tuxera, debian | CWE-269 | 7.8 |
| 2018-04-03 | CVE-2017-5703 | Improper Privilege Management vulnerability in Intel products | Configuration of SPI Flash in platforms based on multiple Intel platforms allows a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service. | local | low | intel | CWE-269 | 6.0 |