Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-03 | CVE-2017-1000156 | Improper Privilege Management vulnerability in Mahara Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role. | 6.5 |
| 2017-10-30 | CVE-2017-9450 | Improper Privilege Management vulnerability in Amazon web Services Cloudformation Bootstrap The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | 7.8 |
| 2017-10-27 | CVE-2017-5084 | Improper Privilege Management vulnerability in Google Chrome OS Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. | 3.3 |
| 2017-10-26 | CVE-2017-15917 | Improper Privilege Management vulnerability in Paessler Prtg Network Monitor 17.3.33.2830 In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. | 6.5 |
| 2017-10-23 | CVE-2017-14330 | Improper Privilege Management vulnerability in Extremenetworks Extremexos Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | 6.7 |
| 2017-10-23 | CVE-2017-14329 | Improper Privilege Management vulnerability in Extremenetworks Extremexos Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | 6.7 |
| 2017-10-19 | CVE-2017-10292 | Improper Privilege Management vulnerability in Oracle Database 11.2.0.4/12.1.0.2/12.2.0.1 Vulnerability in the RDBMS Security component of Oracle Database Server. | 2.3 |
| 2017-10-13 | CVE-2017-15014 | Improper Privilege Management vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. | 4.3 |
| 2017-10-13 | CVE-2017-15013 | Improper Privilege Management vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. | 8.8 |
| 2017-10-12 | CVE-2017-10857 | Improper Privilege Management vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | 4.3 |