Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-13 | CVE-2017-14380 | Improper Privilege Management vulnerability in EMC Isilon Onefs: In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. | 6.7 |
2017-12-11 | CVE-2017-11319 | Improper Privilege Management vulnerability in Resolver Perspective 5.1.1.16: Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms. | 8.8 |
2017-12-07 | CVE-2017-17384 | Improper Privilege Management vulnerability in Ispconfig: ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | 8.8 |
2017-11-27 | CVE-2017-15055 | Improper Privilege Management vulnerability in Teampass: TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. | 8.1 |
2017-11-27 | CVE-2017-15053 | Improper Privilege Management vulnerability in Teampass: TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. | 4.9 |
2017-11-27 | CVE-2017-15052 | Improper Privilege Management vulnerability in Teampass: TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. | 4.9 |
2017-11-17 | CVE-2017-1000241 | Improper Privilege Management vulnerability in Open-Emr Openemr 5.0.1: The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. | 8.1 |
2017-11-14 | CVE-2017-12635 | Improper Privilege Management vulnerability in Apache Couchdb: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. | 9.8 |
2017-11-11 | CVE-2017-16520 | Improper Privilege Management vulnerability in Inedo Buildmaster: Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | 7.5 |
2017-11-06 | CVE-2017-14031 | Improper Privilege Management vulnerability in Trihedral Vtscada: An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. | 7.8 |