CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266
CVE-2019-25249 CRITICAL
devolo dLAN 500 AV Wireless+ <3.1.0-1 - Auth Bypass
CVSS 9.8
CVE-2019-19354 HIGH
Red Hat OpenShift 4 - Privilege Escalation
CVSS 7.8
CVE-2019-19353 HIGH
Red Hat OpenShift 4 - Privilege Escalation
CVSS 7.0
CVE-2019-19352 HIGH
Red Hat OpenShift 4 - Privilege Escalation
CVSS 7.0
CVE-2019-19350 HIGH
openshift/ansible-service-broker - Privilege Escalation
CVSS 7.8
CVE-2019-19349 HIGH
Red Hat OpenShift 4 - Privilege Escalation
CVSS 7.8
CVE-2019-19348 HIGH
openshift/apb-base <4.3.5,4.2.21,4.1.37,3.11.188-4 - Privilege Esca...
CVSS 7.0
CVE-2019-19346 HIGH
openshift/mariadb-apb <4.3.5,4.2.21,4.1.37,3.11.188-4 - Privilege E...
CVSS 7.0
CVE-2019-19345 HIGH
openshift/mediawiki-apb <4.3.0 - Privilege Escalation
CVSS 7.0
CVE-2019-19355 HIGH
openshift/ocp-release-operator-sdk - Privilege Escalation
CVSS 7.0
CVE-2019-19351 HIGH
openshift/jenkins - Privilege Escalation
CVSS 7.0
CVE-2019-10940 CRITICAL
SINEMA Server < V14.0 SP2 Update 1 - Authenticated Privilege Escalation via Incorrect Session Validation
CVSS 9.9
CVE-2019-14819 HIGH
OpenShift Container Platform - Privilege Escalation via dockergc Service Account Assignment
CVSS 8.8
CVE-2019-11893 HIGH
Bosch Smart Home Controller <9.8.905 - Privilege Escalation
CVSS 8.0
CVE-2019-11891 HIGH
Bosch Smart Home Controller <9.8.905 - Privilege Escalation
CVSS 8.0
CVE-2019-10143 HIGH
FreeRADIUS <3.0.19 - Privilege Escalation
CVSS 7.0
CVE-2019-3843 HIGH
systemd < 242 - Improper Privilege Management via DynamicUser Service SUID/SGID Binary
CVSS 7.8
CVE-2018-25148 HIGH
Microhard Systems IPn4G 1.1.0 - Authenticated RCE
CVSS 8.8
CVE-2018-1101 HIGH
Ansible Tower <3.2.4 - Privilege Escalation
CVSS 7.2
CVE-2018-1088 HIGH
Gluster Storage 3.x < 3.13.2 - Privilege Escalation via Snapshot Scheduler Symlink
CVSS 8.1
CVE-2017-20199 LOW
Buttercup buttercup-browser-extension <1.0.1 - Info Disclosure
CVSS 3.1
CVE-2017-12711 HIGH
Advantech WebAccess < 8.2 - Incorrect Privilege Assignment
CVSS 7.8
CVE-2016-7066 HIGH
JBoss Enterprise Application Platform <7.1.0 - Privilege Escalation
CVSS 7.8
CVE-2016-7070 HIGH
Ansible Tower < 3.0.3 - Privilege Escalation via PostgreSQL Trust Configuration
CVSS 8.0
CVE-2014-2532 MEDIUM
OpenSSH <6.6 - Privilege Escalation
CVSS 4.2