CWE-269
2,777 CVEs • Abstraction: Class • Likelihood of Exploit: Medium
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVEs (2,777)
| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. | | | | | |
| Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is... | Schneider Electric | Modbus Driver Suite, Modbus Serial Driver | Nov 21, 2024 | Aug 31, 2020 | v4: N/A; v3: 7.8 HIGH; v2: 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force... | Ibm | Security Guardium Insights | Nov 21, 2024 | Aug 27, 2020 | v4: N/A; v3: 7.2 HIGH; v2: 6.5 MEDIUM |
| In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. | F5 | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +10 more | Nov 21, 2024 | Aug 26, 2020 | v4: N/A; v3: 6.8 MEDIUM; v2: 4.0 MEDIUM |
| In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has... | Canonical, Debian, Fedoraproject, +3 more | Bind, Debian Linux, Fedora, +3 more | Nov 21, 2024 | Aug 21, 2020 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.0 MEDIUM |
| An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. | | | | | |
| Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operation... | | | | | |
| Privilege Escalation vulnerability in the installer in McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic li... | | | | | |
| Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | | | | | |
| Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. | | | | | |
| Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. | Canonical, Net Snmp, Netapp | Cloud Backup, Hci Management Node, Net Snmp, +3 more | Nov 21, 2024 | Aug 20, 2020 | v4: N/A; v3: 7.8 HIGH; v2: 7.2 HIGH |
| NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io cal... | | | | | |
| In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling... | | | | | |
| Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These crede... | | | | | |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated at... | Microsoft | Windows 10, Windows 8.1, Windows Rt 8.1, +3 more | Feb 23, 2026 | Aug 17, 2020 | v4: N/A; v3: 7.8 HIGH; v2: 4.6 MEDIUM |
| In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | | | | | |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to... | Fedoraproject, Trousers Project | Fedora, Trousers | Nov 21, 2024 | Aug 13, 2020 | v4: N/A; v3: 7.8 HIGH; v2: 7.2 HIGH |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | Fedoraproject, Trousers Project | Fedora, Trousers | Nov 21, 2024 | Aug 13, 2020 | v4: N/A; v3: 7.8 HIGH; v2: 7.2 HIGH |
| Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. | Mcafee | Data Loss Prevention | Nov 21, 2024 | Aug 13, 2020 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.0 MEDIUM |
| An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allo... | Zohocorp | Manageengine Adselfservice Plus | Nov 21, 2024 | Aug 11, 2020 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH |