Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-0384 1Cisco 2Ios Ios Xe Apr 29, 2026 Mar 29, 2012 N/A· v4 7.2 HIGH· v3 8.5 HIGH· v2 Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA autho...Show more Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.Show less
CVE-2011-3054 2Google Opensuse 2Chrome Opensuse Apr 29, 2026 Mar 22, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2011-3898 1Google 1Chrome Apr 29, 2026 Nov 11, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a craft...Show more Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.Show less
CVE-2011-1526 5Debian FedoraprojectMit+2 more 7Debian Linux FedoraKrb5 Appl+4 more Apr 29, 2026 Jul 11, 2011 N/A· v4 N/A· v3 6.5 MEDIUM· v2 ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group acc...Show more ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.Show less
CVE-2010-4258 4Fedoraproject LinuxOpensuse+1 more 7Fedora Linux Enterprise DesktopLinux Enterprise Real Time Extension+4 more Apr 29, 2026 Dec 30, 2010 N/A· v4 N/A· v3 6.2 MEDIUM· v2 The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel...Show more The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.Show less
CVE-2010-4347 3Linux OpensuseSuse 3Linux Enterprise Real Time Extension Linux KernelOpensuse Apr 29, 2026 Dec 22, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables,...Show more The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.Show less
CVE-2010-3301 3Canonical LinuxSuse 3Linux Enterprise Real Time Extension Linux KernelUbuntu Linux Apr 29, 2026 Sep 22, 2010 N/A· v4 N/A· v3 7.2 HIGH· v2 The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is...Show more The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.Show less
CVE-2009-2848 8Canonical FedoraprojectLinux+5 more 12Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+9 more Apr 23, 2026 Aug 18, 2009 N/A· v4 N/A· v3 5.9 MEDIUM· v2 The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibl...Show more The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.Show less
CVE-2009-0080 1Microsoft 2Windows Server 2008 Windows Vista Apr 23, 2026 Apr 15, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the Loca...Show more The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."Show less
CVE-2008-2931 5Canonical DebianLinux+2 more 6Debian Linux Linux KernelOpensuse+3 more Apr 23, 2026 Jul 9, 2008 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service b...Show more The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.Show less
CVE-2008-2271 1Site Documentation Project 1Site Documentation Apr 23, 2026 May 16, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain s...Show more The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.Show less
CVE-2007-2444 3Canonical DebianSamba 3Debian Linux SambaUbuntu Linux Apr 23, 2026 May 14, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that caus...Show more Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.Show less
CVE-2004-1349 2Gnu Oracle 2Gzip Solaris Apr 16, 2026 Oct 4, 2004 N/A· v4 N/A· v3 2.1 LOW· v2 gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
CVE-2002-0367 1Microsoft 2Windows 2000 Windows Nt Apr 16, 2026 Jun 25, 2002 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a han...Show more smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.Show less
CVE-2002-0080 2Redhat Samba 2Linux Rsync Apr 16, 2026 Mar 15, 2002 N/A· v4 N/A· v3 2.1 LOW· v2 rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be...Show more rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.Show less
CVE-2002-0049 1Microsoft 1Exchange Server Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
CVE-1999-0084 1Sun 1Nfs Apr 16, 2026 May 1, 1990 N/A· v4 8.4 HIGH· v3 7.2 HIGH· v2 Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

Previous 1...135 136 137 138139