CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2014-1520
Firefox < 29.0 - Privilege Escalation via Trojan Horse DLL in Maintenance Service Installer
CVE-2014-1511 CRITICAL
Mozilla Firefox < 28.0 - Popup Blocker Bypass
CVSS 9.8
CVE-2014-1510 CRITICAL
Firefox < 28.0 - Remote Code Execution via Web IDL Fragment
CVSS 9.8
CVE-2014-1496 MEDIUM
Mozilla Firefox < 28.0 - Privilege Escalation via Modified Mar Contents During Update
CVSS 5.5
CVE-2013-10052 HIGH
ZPanel - Local Privilege Escalation via zsudo Sudoers Misconfiguration
CVE-2013-4536 HIGH
qemu < 1.5.3 - Privilege Escalation via SaveVM Data Corruption
CVSS 7.8
CVE-2013-6295 CRITICAL
PrestaShop 1.5.5 - Privilege Escalation via Salesman Account Upload Module
CVSS 9.8
CVE-2013-3323 CRITICAL
IBM Maximo Asset Mgmt <7.5-6.2 - Privilege Escalation
CVSS 9.8
CVE-2013-4583 HIGH
GitLab <5.4.2/6.2.4/6.2.1 - Privilege Escalation
CVSS 8.8
CVE-2013-6773 HIGH
Splunk 5.0-5.0.3 - Privilege Escalation via Unquoted Service Path
CVSS 7.8
CVE-2013-6231 HIGH
SpagoBI < 4.1 - Privilege Escalation via AdapterHTTP Script
CVSS 8.8
CVE-2013-4161 HIGH
gksu-polkit - Improper Privilege Management
CVSS 7.8
CVE-2013-2016 HIGH
qemu 1.3.0-1.4.2 - Privilege Escalation via Virtio Device Config Space Address Validation
CVSS 7.8
CVE-2013-5027 CRITICAL
Collabtive 1.0 - Improper Privilege Management
CVSS 9.8
CVE-2013-4975 HIGH
Hikvision DS-2CD7153-E - Privilege Escalation
CVSS 8.8
CVE-2013-4867 MEDIUM
Electronic Arts Karotz Smart Rabbit <12.07.19.00 - Code Injection
CVSS 6.3
CVE-2013-0293 HIGH
oVirt Node - Privilege Escalation via Lock Screen F2 Bypass
CVSS 7.8
CVE-2013-2625 MEDIUM
OTRS Help Desk <3.2.4-3.0.19 - Auth Bypass
CVSS 6.5
CVE-2013-4251 HIGH
scipy < 0.12.1 - Insecure Temporary Directory Creation in scipy.weave
CVSS 7.8
CVE-2013-2012 HIGH
autojump < 21.5.8 - Privilege Escalation via Trojan Horse Custom Install Directory
CVSS 7.3
CVE-2013-7421
Linux kernel <3.18.5 - Local Privilege Escalation
CVE-2013-6391
OpenStack Keystone < 2013.2.1 - Privilege Escalation via EC2 Tokens API
CVE-2013-0643 HIGH KEV
Adobe Flash Player <10.3.183.67-11.6.602.171 - RCE
CVSS 8.8
CVE-2012-10022 HIGH
Kloxo <6.1.12 - Privilege Escalation
CVE-2012-6302 HIGH
Soapbox < 0.3.1 - Sandbox Bypass via Nested Instance
CVSS 7.8