CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2017-5624 CRITICAL
OxygenOS < 4.0.2 - Persistent Privilege Escalation via Fastboot dm-verity Disable
CVSS 9.8
CVE-2017-1150 LOW
IBM DB2 10.1, 10.5, 11.1 - Authenticated Improper Privilege Management
CVSS 3.1
CVE-2017-6401 HIGH
Veritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Local Command Execution via bpcd and bpnbat
CVSS 7.8
CVE-2017-6342 CRITICAL
Dahua NVR 3.210.0001.10, Camera 2.400.0000.28.R, SmartPSS 1.16.1 - Unauthenticated Admin Login
CVSS 9.8
CVE-2017-0310 MEDIUM
NVIDIA GPU Display Driver - Denial of Service via Kernel Mode Layer Handler
CVSS 6.5
CVE-2017-5142 CRITICAL
Honeywell XL Web II controller <XL1000C500 - Privilege Escalation
CVSS 9.1
CVE-2017-5940 HIGH
Firejail 0.9.38-0.9.38.9 LTS and 0.9.40-0.9.44.5 - Sandbox Escape via Symlink and --private Option
CVSS 8.8
CVE-2017-5572 MEDIUM
Citrix XenServer - Authenticated Database Corruption via Host Database Manipulation
CVSS 6.5
CVE-2017-3257 MEDIUM
Oracle MySQL Server <= 5.6.34 and <= 5.7.16 - Denial of Service in InnoDB
CVSS 6.5
CVE-2016-15045 HIGH
lastore-daemon <0.9.66-1 - Privilege Escalation
CVE-2016-15002 HIGH
MONyog Ultimate 6.63 - Privilege Escalation
CVSS 7.3
CVE-2016-9928 HIGH
mcabber < 1.0.4 - Improper Privilege Management via Crafted XMPP Packets
CVSS 7.4
CVE-2016-6590 HIGH
Symantec IT Management Suite <8.0 HF4 & Suite 7.6 <7.6 HF7 - Privil...
CVSS 7.8
CVE-2016-11011 MEDIUM
WP-Invoice < 4.1.1 - Privilege Escalation via wpi_update_user_option
CVSS 6.5
CVE-2016-11004 HIGH
Elegant Themes Monarch < 1.2.7 - Privilege Escalation
CVSS 8.8
CVE-2016-11003 HIGH
Bloom < 1.1.1 - Privilege Escalation
CVSS 8.8
CVE-2016-11002 HIGH
Elegant Themes Extra < 1.2.4 - Privilege Escalation
CVSS 8.8
CVE-2016-10972 CRITICAL
Newspaper < 6.7.2 - Improper Privilege Management via td_ajax_update_panel
CVSS 9.8
CVE-2016-10971 CRITICAL
MemberSonic Lite < 1.302 - Unauthenticated Login Bypass via Email Address
CVSS 9.8
CVE-2016-10968 HIGH
PeepSo < 1.6.1 - Privilege Escalation via Profile Preferences Save
CVSS 8.8
CVE-2016-9489 HIGH
ManageEngine Applications Manager 12-13 < 13200 - Authenticated Privilege Escalation via User Property Manipulation
CVSS 8.8
CVE-2016-0732 HIGH
Pivotal Cloud Foundry <229 - Privilege Escalation
CVSS 8.8
CVE-2016-8219 MEDIUM
Cloud Foundry Foundation <250 - Privilege Escalation
CVSS 6.5
CVE-2016-2192 MEDIUM
PostgreSQL PL/Java < 1.4.3 - Authenticated Privilege Escalation via Type Mapping Alteration
CVSS 6.5
CVE-2016-0767 MEDIUM
PostgreSQL PL/Java <1.5.0 - Privilege Escalation
CVSS 6.5
Details
Vulnerabilities 2,838
Exploit Likelihood Medium