CWE-269
2,753 CVEs • Abstraction: Class • Likelihood of Exploit: Medium
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVEs (2,753)
| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| | | | | | | | This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommends updating QTS and Helpdesk to their latest versions. |
| | | | | | | | A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be ob... |
| | | | | | | | IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774. |
| | | | | | | | mom creates world-writable pid files in /var/run |
| | | | | | | | An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploite... |
| F5 | Big Ip Access Policy Manager | Nov 21, 2024 | Nov 27, 2019 | N/A | 5.5 MEDIUM | 4.9 MEDIUM | The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root. |
| Debian, Opensuse, Otrs | Debian Linux, Faq, Opensuse, +2 more | Nov 21, 2024 | Nov 27, 2019 | N/A | 6.5 MEDIUM | 6.4 MEDIUM | An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism are not ver... |
| | | | | | | | An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAu... |
| | | | | | | | Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users. |
| | | | | | | | In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used. |
| Canonical, Debian, Suse | Cloud Init, Debian Linux, Linux Enterprise Server | Nov 21, 2024 | Nov 25, 2019 | N/A | 8.8 HIGH | 9.0 HIGH | A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
| Google, Opensuse | Backports, Chrome | Nov 21, 2024 | Nov 25, 2019 | N/A | 4.3 MEDIUM | 4.3 MEDIUM | Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. |
| Google, Opensuse | Backports Sle, Chrome | Nov 21, 2024 | Nov 25, 2019 | N/A | 7.8 HIGH | 6.8 MEDIUM | Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. |
| Fedoraproject, Gksu Polkit Project | Fedora, Gksu Polkit | Nov 21, 2024 | Nov 25, 2019 | N/A | 7.8 HIGH | 7.2 HIGH | gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation |
| Canonical, Debian, Postgresql | Debian Linux, Postgresql Common, Ubuntu Linux | Nov 21, 2024 | Nov 20, 2019 | N/A | 7.8 HIGH | 7.2 HIGH | The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. |
| | | | | | | | lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privile... |
| | | | | | | | cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE |
| Symantec | Endpoint Protection Manager | Nov 21, 2024 | Nov 15, 2019 | N/A | 7.8 HIGH | 4.6 MEDIUM | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application... |
| Debian, Linux Ax25 | Ax25 Tools, Debian Linux | Nov 21, 2024 | Nov 15, 2019 | N/A | 6.7 MEDIUM | 7.2 HIGH | The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with... |
| Zyxel | Gs1900 10hp Firmware, Gs1900 16 Firmware, Gs1900 24 Firmware, +6 more | Nov 21, 2024 | Nov 14, 2019 | N/A | 8.8 HIGH | 9.0 HIGH | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged... |