CWE-269
2,751 CVEs • Abstraction: Class • Likelihood of Exploit: Medium
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVEs (2,751)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile...Show more |
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. |
2Fedoraproject Redhat2Enterprise Linux SssdNov 21, 2024 Mar 25, 2019 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of d...Show more |
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. |
In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms. |
An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. |
1F5 1Big Ip Application Acceleration Manager Nov 21, 2024 Mar 13, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper sc...Show more |
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed...Show more |
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. |
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vuln...Show more |
1Adobe 2Acrobat Dc Acrobat Reader DcNov 21, 2024 Mar 5, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escal...Show more |
1Qualcomm 30Mdm9150 Firmware Mdm9615 FirmwareMdm9625 Firmware+27 moreNov 21, 2024 Feb 25, 2019 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions M...Show more |
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr...Show more |
4Debian FedoraprojectGoogle+1 more6Chrome Debian LinuxEnterprise Linux Desktop+3 moreNov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chr...Show more |
1Draeger 4Delta Xl Firmware Infinity Delta FirmwareInfinity Explorer C700 Firmware+1 moreNov 21, 2024 Jan 28, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the...Show more |
2Broadcom Ca2Service Desk Manager Service Desk ManagerNov 21, 2024 Jan 22, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. |
In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only...Show more |
4Canonical NetappRedhat+1 more5Active Iq Performance Analytics Services Element SoftwareEnterprise Linux+2 moreNov 21, 2024 Jan 14, 2019 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attack...Show more |
Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. |
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulner...Show more |