CWE-269

2,753 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,753)

Each entry below lists the vendor(s), the affected product(s), the updated and published dates, the CVSS scores (v4 / v3 / v2) and the CVE description.
Vendor: Eset
Products (3): Cyber Security, Endpoint Antivirus, Endpoint Security
Updated: Nov 21, 2024 · Published: Oct 14, 2019
CVSS: v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.
Vendor: Cloudcti
Product: Hip Integrator Recognition Configuration Tool
Updated: Nov 21, 2024 · Published: Oct 14, 2019
CVSS: v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user.
Vendor: Redhat
Products (4): Data Grid, Jboss Enterprise Application Platform, Single Sign On, +1 more
Updated: Nov 21, 2024 · Published: Oct 14, 2019
CVSS: v4 N/A · v3 4.9 MEDIUM · v2 4.0 MEDIUM
A flaw was found in wildfly-core before 7.2.5.GA. Management users with the Monitor, Auditor and Deployer roles should not be allowed to modify the runtime state of the server.
Vendor: Centreon
Product: Centreon Vm
Updated: Nov 21, 2024 · Published: Oct 8, 2019
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 10.0 HIGH
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
Vendor: Sitos
Product: Sitos Six
Updated: Nov 21, 2024 · Published: Oct 7, 2019
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.
Vendor: Ibm
Product: Websphere Extreme Scale
Updated: Nov 21, 2024 · Published: Sep 30, 2019
CVSS: v4 N/A · v3 3.3 LOW · v2 2.1 LOW
IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.
Vendor: Google
Product: Android
Updated: Nov 21, 2024 · Published: Sep 27, 2019
CVSS: v4 N/A · v3 7.8 HIGH · v2 4.6 MEDIUM
In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-73884967.
Vendor: Bluestacks
Product: Bluestacks
Updated: Nov 21, 2024 · Published: Sep 24, 2019
CVSS: v4 N/A · v3 6.5 MEDIUM · v2 4.9 MEDIUM
An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or macOS. The bug is a local arbitrary file read through a system service call. The impacted method runs with system admin privilege and, if given a file name as a parameter, returns the content of that file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read.
Vendor: Pivotal Software
Product: Pivotal Application Service
Updated: Nov 21, 2024 · Published: Sep 20, 2019
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.
Vendor: Usabilitydynamics
Product: Wp Invoice
Updated: Nov 21, 2024 · Published: Sep 20, 2019
CVSS: v4 N/A · v3 6.5 MEDIUM · v2 4.0 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
Vendor: Elegantthemes
Product: Monarch
Updated: Nov 21, 2024 · Published: Sep 20, 2019
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.
Vendor: Elegantthemes
Product: Bloom
Updated: Feb 4, 2026 · Published: Sep 20, 2019
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.
Vendor: Elegantthemes
Product: Extra
Updated: Nov 21, 2024 · Published: Sep 20, 2019
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.
Vendor: Admin Management Xtended Project
Product: Admin Management Xtended
Updated: Nov 21, 2024 · Published: Sep 20, 2019
CVSS: v4 N/A · v3 4.3 MEDIUM · v2 4.0 MEDIUM
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
Vendor: Ibm
Product: Websphere Application Server
Updated: Nov 21, 2024 · Published: Sep 17, 2019
CVSS: v4 N/A · v3 6.5 MEDIUM · v2 4.0 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.
Vendor: Tagdiv
Product: Newspaper
Updated: Nov 21, 2024 · Published: Sep 16, 2019
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
Vendor: Membersonic
Product: Membersonic
Updated: Nov 21, 2024 · Published: Sep 16, 2019
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH
The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required.
Vendor: Peepso
Product: Peepso
Updated: Nov 21, 2024 · Published: Sep 16, 2019
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM
The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.
Vendor: Microsoft
Products (16): Windows 10 1507, Windows 10 1607, Windows 10 1703, +13 more
Updated: Oct 29, 2025 · Published: Sep 11, 2019
CVSS: v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
Vendor: Misp
Product: Misp
Updated: Nov 21, 2024 · Published: Sep 10, 2019
CVSS: v4 N/A · v3 6.5 MEDIUM · v2 4.0 MEDIUM
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.