CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2018-10853 HIGH
Linux kernel KVM <4.18 - Privilege Escalation
CVSS 7.0
CVE-2018-10514 HIGH
Trend Micro Security <2018 - Privilege Escalation
CVSS 7.8
CVE-2018-15912 HIGH
Manjaro Linux < 20180716-1 - Improper Privilege Management via manjaro-update-system.sh
CVSS 7.8
CVE-2018-14791 HIGH
Emerson DeltaV DCS <R5 - Privilege Escalation
CVSS 7.8
CVE-2018-14787 HIGH
Philips IntelliSpace Cardiovascular <2.x - Privilege Escalation
CVSS 7.8
CVE-2018-1000648 HIGH
LibreHealthIO lh-ehr REL-2.0.0 - Auth Bypass
CVSS 8.8
CVE-2018-1000634 HIGH
OMERO.server <5.4.6 - Privilege Escalation
CVSS 7.2
CVE-2018-0428 MEDIUM
Cisco Web Security Appliance - Authenticated Privilege Escalation to Root via CLI Subshell Escape
CVSS 6.7
CVE-2018-14836 MEDIUM
Subrion 4.2.1 - Privilege Escalation
CVSS 6.5
CVE-2018-1999032 MEDIUM
Agiletestware Pangolin Connector For Testrail < 2.1 - Improper Privilege Management
CVSS 6.5
CVE-2018-0613 HIGH
NEC Platforms Calsos CSDX and CSDJ Firmware - Authenticated Privilege Escalation
CVSS 8.8
CVE-2018-10906 MEDIUM
fuse < 2.9.8 and 3.x < 3.2.5 - Privilege Escalation via fusermount SELinux Bypass
CVSS 5.3
CVE-2018-0343 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Remote Code Execution or Denial of Service via HTTP Management Interface
CVSS 8.8
CVE-2018-0024 HIGH
Juniper Junos OS - Authenticated Privilege Escalation via Shell Session
CVSS 7.8
CVE-2018-3682 HIGH
Intel BMC Firmware - Unauthorized SMBUS Read/Write via Improper Privilege Management
CVSS 8.2
CVE-2018-9853 CRITICAL
freeSSHd 1.3.1 - Privilege Escalation via Unprivileged Account Login
CVSS 9.8
CVE-2018-5884 HIGH
Snapdragon Mobile/Snapdragon Wear - Info Disclosure
CVSS 8.4
CVE-2018-13405 HIGH
Linux Kernel < 3.16 - Privilege Escalation via SGID Directory Inode Initialization
CVSS 7.8
CVE-2018-9334 MEDIUM
PAN-OS <= 6.1.20, <= 7.1.16, <= 8.0.8, 8.1.0 - GlobalProtect Password Hash Exposure via HTML Manipulation
CVSS 5.5
CVE-2018-4845 HIGH
Siemens RAPIDPoint 400/500 and RAPIDLab 1200 Firmware - Authenticated Privilege Escalation via Remote View Feature
CVSS 8.8
CVE-2018-1000503 MEDIUM
MyBB < 1.8.15 - Incorrect Access Control in Private Forums via IDOR
CVSS 4.3
CVE-2018-0610 HIGH
zenphoto < 1.4.14 - Authenticated Local File Inclusion
CVSS 7.2
CVE-2018-0573 MEDIUM
baserCMS < 3.0.15 and < 3.0.16 - Unauthenticated Access Restriction Bypass
CVSS 5.3
CVE-2018-0566 MEDIUM
Cybozu Office 10.0.0-10.8.0 - Authenticated Privilege Escalation via Schedule Access Bypass
CVSS 4.3
CVE-2018-12884 MEDIUM
Octopus Deploy <2018.6.7 - Privilege Escalation
CVSS 6.5