CWE-269
2,751 CVEs • Abstraction: Class • Likelihood of Exploit: Medium
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVEs (2,751)
| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| Pulsesecure | Secure Access Series Ssl Vpn Sa 4000 | Nov 21, 2024 | Dec 21, 2018 | N/A | 8.8 HIGH | 4.0 MEDIUM | Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1... |
| F5 | Big Ip Application Acceleration Manager | Nov 21, 2024 | Dec 20, 2018 | N/A | 7.8 HIGH | 6.8 MEDIUM | On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. |
| | | | | | | | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, anyone can execute proptrigger.sh, which will lead to a change in properties. |
| | | | | | | | IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914. |
| | | | | | | | A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability... |
| Paloaltonetworks | Expedition | Nov 21, 2024 | Dec 12, 2018 | N/A | 9.8 CRITICAL | 10.0 HIGH | The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. |
| Debian, Google, Redhat | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more | Nov 21, 2024 | Dec 11, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the lo... |
| Jenkins, Redhat | Openshift Container Platform, Pipeline | Nov 21, 2024 | Dec 10, 2018 | N/A | 8.8 HIGH | 6.5 MEDIUM | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/... |
| Jenkins, Redhat | Openshift Container Platform, Script Security | Nov 21, 2024 | Dec 10, 2018 | N/A | 8.8 HIGH | 6.5 MEDIUM | A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to e... |
| | | | | | | | Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. |
| | | | | | | | IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the application not validating access permissions. IBM X-Force ID: 153382. |
| | | | | | | | An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is... |
| | | | | | | | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of daemons may lead to unprivileged access. |
| | | | | | | | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of a script may lead to unprivileged access. |
| Paessler | Prtg Network Monitor | Nov 21, 2024 | Nov 21, 2018 | N/A | 8.8 HIGH | 6.5 MEDIUM | PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't... |
| Debian, Google, Redhat | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more | Nov 21, 2024 | Nov 14, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes. |
| Intel | Rapid Storage Technology | Nov 21, 2024 | Nov 14, 2018 | N/A | 7.8 HIGH | 4.6 MEDIUM | Insufficient input validation in the installer in Intel Rapid Storage Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local acce... |
| Sap | Advanced Business Application Programming | Nov 21, 2024 | Nov 13, 2018 | N/A | 7.2 HIGH | 6.5 MEDIUM | In some SAP standard roles, in SAP_ABA versions 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customers is used. By implementing such a transaction code a malicious user ma... |
| Pivotal Software | Operations Manager | Nov 21, 2024 | Nov 2, 2018 | N/A | 8.8 HIGH | 6.5 MEDIUM | Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation... |
| F5 | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +14 more (17 total) | Nov 21, 2024 | Oct 31, 2018 | N/A | 4.9 MEDIUM | 5.5 MEDIUM | When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterp... |
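The recurring shape in the rows above (PRTG's /api/addusers letting a read-only account create an administrator; IBM API Connect letting an 'API Administrator' promote themselves through the members functionality) is the CWE-269 definition made concrete: the server checks that the caller is authenticated but never checks which privileges that caller may assign. The following is an added illustration written for this page, not code from any of the listed products. It models a hypothetical user-management API with a read-only, read-write and admin role, shows the vulnerable handler beside a hardened one that looks the actor's role up server-side, consults an explicit grant policy, refuses self-modification, and records every change. Role names, user names and the GRANTABLE policy are all assumptions.

```python
"""Added example for CWE-269: vulnerable versus hardened privilege assignment.
Hypothetical roles, users and policy; not taken from any product on this page."""
from dataclasses import dataclass, field
from enum import IntEnum


class Role(IntEnum):
    READ_ONLY = 1
    READ_WRITE = 2
    ADMIN = 3


# Assumed policy: which roles an actor of a given role may hand out.
# Only ADMIN manages accounts; lower roles can grant nothing at all.
GRANTABLE = {
    Role.ADMIN: {Role.READ_ONLY, Role.READ_WRITE, Role.ADMIN},
    Role.READ_WRITE: set(),
    Role.READ_ONLY: set(),
}


@dataclass
class User:
    name: str
    role: Role


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)


class PrivilegeError(Exception):
    pass


def make_store():
    """Constructed sample data: one admin and one read-only account."""
    store = UserStore()
    store.users["alice"] = User("alice", Role.ADMIN)
    store.users["bob"] = User("bob", Role.READ_ONLY)
    return store


def add_user_vulnerable(store, caller_name, new_name, requested_role):
    """The CWE-269 pattern: authentication is checked, authorisation is not.
    The requested role comes straight from the request, so a READ_ONLY
    caller can mint an ADMIN account."""
    if caller_name not in store.users:
        raise PrivilegeError("not authenticated")
    store.users[new_name] = User(new_name, Role(requested_role))
    return store.users[new_name]


def _authorise_grant(store, caller_name, requested_role):
    """Shared check: resolve the actor's role from the store (never from the
    request), validate the requested role, then consult the grant policy."""
    actor = store.users.get(caller_name)
    if actor is None:
        raise PrivilegeError("not authenticated")
    try:
        role = Role(int(requested_role))
    except ValueError as exc:
        raise PrivilegeError("unknown role") from exc
    if role not in GRANTABLE[actor.role]:
        raise PrivilegeError(f"{actor.name} ({actor.role.name}) may not grant {role.name}")
    return actor, role


def add_user_hardened(store, caller_name, new_name, requested_role):
    actor, role = _authorise_grant(store, caller_name, requested_role)
    if new_name in store.users:
        # Refuse to overwrite: "add" must not silently replace an existing admin.
        raise PrivilegeError("user exists")
    store.users[new_name] = User(new_name, role)
    store.audit.append((actor.name, "add_user", new_name, role.name))
    return store.users[new_name]


def set_role_hardened(store, caller_name, target_name, requested_role):
    """Role change under the same policy plus a no-self-modification rule,
    the gap behind the self-promotion case in the listing."""
    actor, role = _authorise_grant(store, caller_name, requested_role)
    if target_name == actor.name:
        raise PrivilegeError("cannot change own role")
    target = store.users.get(target_name)
    if target is None:
        raise PrivilegeError("no such user")
    old = target.role
    target.role = role
    store.audit.append((actor.name, "set_role", target_name, f"{old.name}->{role.name}"))
    return target


def escalation_possible(add_user):
    """True if the READ_ONLY account 'bob' can create an ADMIN via add_user."""
    store = make_store()
    try:
        created = add_user(store, "bob", "mallory", Role.ADMIN)
    except PrivilegeError:
        return False
    return created.role == Role.ADMIN


if __name__ == "__main__":
    print("vulnerable:", escalation_possible(add_user_vulnerable))  # True
    print("hardened:  ", escalation_possible(add_user_hardened))    # False
```

The point of the GRANTABLE table is that the privilege decision is a single, reviewable piece of policy rather than something each endpoint re-derives from request fields; the audit list gives the "track" half of the CWE definition, so a promotion that does slip through is at least attributable.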