CWE-267

Privilege Defined With Unsafe Actions

Parent: CWE-269 - Improper Privilege Management

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

64 vulnerabilities with CWE-267
CVE-2023-27895 MEDIUM
SAP Authenticator for Android -1.3.0 - Info Disclosure
CVSS 6.1
CVE-2022-38124 MEDIUM
Secomea SiteManager - Privilege Escalation
CVSS 5.7
CVE-2021-44547 CRITICAL
Odoo 15.0 - Authenticated Remote Code Execution via Sandboxing Issue
CVSS 9.1
CVE-2021-44476 MEDIUM
Odoo < 15.0 - Authenticated Local File Read via Sandboxing Issue
CVSS 6.8
CVE-2021-23186 HIGH
Odoo < 15.0 - Authenticated Privilege Escalation via Multi-Tenant Database Access
CVSS 8.7
CVE-2021-23166 HIGH
Odoo < 15.0 - Authenticated Arbitrary File Read and Write via Sandbox Bypass
CVSS 8.7
CVE-2021-40354 HIGH
Teamcenter Visualization < 12.4.0.8 - Improper Privilege Management via Surrogate Functionality
CVSS 7.1
CVE-2021-32739 HIGH
Icinga < 2.12.4 - Privilege Escalation
CVSS 8.8
CVE-2020-29396 HIGH
Odoo 11.0-13.0 - Authenticated Remote Code Execution via Sandboxing Issue
CVSS 8.8
CVE-2020-7824 MEDIUM
iPECS 1.0.0-1.0.34 - Authenticated Privilege Escalation via Session Cookie Manipulation
CVSS 6.5
CVE-2019-10170 MEDIUM
Keycloak < 8.0.0 - Authenticated Remote Code Execution via Realm Management Script Policy
CVSS 6.6
CVE-2019-10169 MEDIUM
Keycloak < 8.0.0 - Authenticated Remote Code Execution via UMA Policy Script Injection
CVSS 6.6
CVE-2019-14865 MEDIUM
GRUB2 - Denial of Service via grub2-set-bootflag Utility
CVSS 5.9
CVE-2017-2616 MEDIUM
util-linux < 2.32.1 - Authenticated Race Condition via su Child Process Handling
CVSS 5.5