CWE-269

2,755 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.


CVEs (2,755)

Each entry below lists the affected vendors and products, the last-updated and original publication dates, the CVSS v4, v3 and v2 scores, and the CVE description.

Vendor: Siemens | Product: Sinema Server
Updated: Nov 21, 2024 | Published: Jan 16, 2020
CVSS: v4 N/A | v3 9.9 CRITICAL | v2 9.0 HIGH
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vendor: Atlassian | Product: Bitbucket
Updated: Nov 21, 2024 | Published: Jan 15, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file on the victim's Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victim's Bitbucket Server or Bitbucket Data Center instance.

Vendor: Bmc | Product: Remedy Ar System Server
Updated: Nov 21, 2024 | Published: Jan 15, 2020
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 4.0 MEDIUM
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.

Vendor: Bmc | Product: Remedy Ar System Server
Updated: Nov 21, 2024 | Published: Jan 15, 2020
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 4.0 MEDIUM
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.

Vendor: Juniper | Product: Junos
Updated: Nov 21, 2024 | Published: Jan 15, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 7.2 HIGH
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.

Vendor: Sis | Product: Xgi Vga Display Manager
Updated: Nov 21, 2024 | Published: Jan 15, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 4.6 MEDIUM
Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.

Vendor: Delegate | Product: Delegate
Updated: Nov 21, 2024 | Published: Jan 15, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 7.2 HIGH
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

Vendor: Joomla | Product: Joomla
Updated: Nov 21, 2024 | Published: Jan 15, 2020
CVSS: v4 N/A | v3 7.5 HIGH | v2 5.0 MEDIUM
Joomla! before 2.5.3 allows Admin Account Creation.

Vendor: Microsoft | Products (8): Windows 10, Windows 7, Windows 8.1, and 5 more
Updated: Nov 21, 2024 | Published: Jan 14, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 7.2 HIGH
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644.

Vendor: Safend | Product: Data Protector Agent
Updated: Nov 21, 2024 | Published: Jan 13, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 7.2 HIGH
A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

Vendor: Safend | Product: Data Protector Agent
Updated: Nov 21, 2024 | Published: Jan 13, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 7.2 HIGH
A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

Vendor: Hashbrowncms | Product: Hashbrown Cms
Updated: Nov 21, 2024 | Published: Jan 13, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.

Vendors (3): Debian, Opensuse, Schedmd | Products (3): Debian Linux, Leap, Slurm
Updated: Nov 21, 2024 | Published: Jan 13, 2020
CVSS: v4 N/A | v3 7.5 HIGH | v2 6.0 MEDIUM
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

Vendor: Safend | Product: Data Protector Agent
Updated: Nov 21, 2024 | Published: Jan 13, 2020
CVSS: v4 N/A | v3 6.1 MEDIUM | v2 3.6 LOW
An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine.

Vendor: Eng | Product: Spagobi
Updated: Nov 21, 2024 | Published: Jan 10, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 9.0 HIGH
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script.

Vendor: Broadcom | Product: Ca Automic Dollar Universe
Updated: Nov 21, 2024 | Published: Jan 8, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 7.2 HIGH
CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.

Vendor: Symantec | Products (4): Encryption Desktop, Endpoint Encryption, Ghost Solution Suite, and 1 more
Updated: Nov 21, 2024 | Published: Jan 8, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 4.4 MEDIUM
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Vendor: Redhat | Product: Openshift Container Platform
Updated: Nov 21, 2024 | Published: Jan 7, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Vendor: Rconfig | Product: Rconfig
Updated: Nov 21, 2024 | Published: Jan 6, 2020
CVSS: v4 N/A | v3 7.8 HIGH | v2 4.6 MEDIUM
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.

Vendors (2): Fedoraproject, Gksu Polkit Project | Products (2): Fedora, Gksu Polkit
Updated: Nov 21, 2024 | Published: Dec 31, 2019
CVSS: v4 N/A | v3 7.8 HIGH | v2 7.2 HIGH
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617, but the patch was improperly applied and it did not fix the security issue.