Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,757)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-3812 3Canonical DebianNetqmail 3Debian Linux NetqmailUbuntu Linux Nov 21, 2024 May 26, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root...Show more qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.Show less
CVE-2020-8021 2Debian Opensuse 2Debian Linux Open Build Service Nov 21, 2024 May 19, 2020 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to...Show more a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.Show less
CVE-2019-17066 1Ivanti 1Workspace Control Nov 21, 2024 May 18, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when st...Show more In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.Show less
CVE-2020-12860 1Health 1Covidsafe Nov 21, 2024 May 18, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and po...Show more COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.Show less
CVE-2020-12798 1Sun Denshi 1Universal Forensic Extraction Device Firmware Nov 21, 2024 May 15, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication optio...Show more Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.Show less
CVE-2020-7291 1Mcafee 1Active Response Nov 21, 2024 May 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
CVE-2020-7290 1Mcafee 1Active Response Nov 21, 2024 May 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
CVE-2020-7289 1Mcafee 1Active Response Nov 21, 2024 May 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access t...Show more Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.Show less
CVE-2020-7288 1Mcafee 1Endpoint Detection And Response Nov 21, 2024 May 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been grant...Show more Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.Show less
CVE-2020-7287 1Mcafee 1Endpoint Detection And Response Nov 21, 2024 May 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been gra...Show more Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.Show less
CVE-2020-7286 1Mcafee 1Endpoint Detection And Response Nov 21, 2024 May 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been g...Show more Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.Show less
CVE-2020-7285 1Mcafee 1Mvision Endpoint Nov 21, 2024 May 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
CVE-2020-7267 1Mcafee 1Virusscan Enterprise Nov 21, 2024 May 8, 2020 N/A· v4 8.4 HIGH· v3 3.6 LOW· v2 Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic lin...Show more Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.Show less
CVE-2020-7266 1Mcafee 1Virusscan Enterprise Nov 21, 2024 May 8, 2020 N/A· v4 8.4 HIGH· v3 3.6 LOW· v2 Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symb...Show more Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.Show less
CVE-2020-7265 1Mcafee 1Endpoint Security Nov 21, 2024 May 8, 2020 N/A· v4 8.4 HIGH· v3 3.6 LOW· v2 Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a Mc...Show more Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.Show less
CVE-2020-7264 1Mcafee 1Endpoint Security Nov 21, 2024 May 8, 2020 N/A· v4 8.4 HIGH· v3 3.6 LOW· v2 Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic link...Show more Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.Show less
CVE-2020-6652 1Eaton 1Intelligent Power Manager Nov 21, 2024 May 7, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result...Show more Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters.Show less
CVE-2020-12689 2Canonical Openstack 2Keystone Ubuntu Linux Nov 21, 2024 May 7, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such...Show more An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.Show less
CVE-2019-4266 1Ibm 1Maximo Anywhere Nov 21, 2024 May 6, 2020 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199.
CVE-2019-19216 1Bmcsoftware 1Control M/agent Nov 21, 2024 Apr 30, 2020 N/A· v4 8.8 HIGH· v3 8.5 HIGH· v2 BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.

Previous 1...109110111...138 Next