CWE-266

903 CVEs • Abstraction: Base

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVEs (903)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Advantech
Products (1): Webaccess
Updated: May 13, 2026
Published: Aug 30, 2017
CVSS: N/A (v4), 7.8 HIGH (v3), 4.6 MEDIUM (v2)
Description: An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.

Vendors (2): Openbsd, Oracle
Products (2): Communications User Data Repository, Openssh
Updated: May 28, 2026
Published: Mar 18, 2014
CVSS: N/A (v4), 4.9 MEDIUM (v3), 5.8 MEDIUM (v2)
Description: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Vendors (1): Redhat
Products (1): Jboss Enterprise Application Platform
Updated: May 14, 2026
Published: Jan 5, 2013
CVSS: N/A (v4), 6.5 MEDIUM (v3), 5.8 MEDIUM (v2)
Description: A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities.