CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2012-4606 HIGH
Citrix XenServer - Privilege Escalation
CVSS 7.8
CVE-2012-1563 HIGH
Joomla! < 2.5.3 - Unauthenticated Admin Account Creation
CVSS 7.5
CVE-2012-4761 HIGH
Safend Data Protector Agent <3.4.5586.9772 - Privilege Escalation
CVSS 7.8
CVE-2012-4760 HIGH
Safend Data Protector Agent <3.4.5586.9772 - Privilege Escalation
CVSS 7.8
CVE-2012-4767 MEDIUM
Safend Data Protector Agent <3.4.5586.9772 - Info Disclosure
CVSS 6.1
CVE-2012-5663 HIGH
isearch <1.47.01nb1 - Info Disclosure
CVSS 7.5
CVE-2012-2312 HIGH
JBoss Application Server - Elevated Privileges via Security Context Reuse
CVSS 7.8
CVE-2012-2148 LOW
JBoss Community Application Server - Improper Privilege Management via Property Replacements
CVSS 3.3
CVE-2012-1615 HIGH
Fedoraproject Sectool - Privilege Escalation via Incorrect DBus File
CVSS 7.8
CVE-2012-1104 MEDIUM
phpCAS 1.2.2 - Security Bypass via Proxy Service Management
CVSS 5.3
CVE-2012-4480 HIGH
ovirt mom < 0.3.0-1 - Improper Privilege Management via World-Writable PID Files
CVSS 7.8
CVE-2012-6639 HIGH
cloud-init < 0.7.0 - Privilege Escalation via EC2 Instance Data Request
CVSS 8.8
CVE-2012-5617 HIGH
gksu-polkit - Privilege Escalation via Permissive PolicyKit Policy Configuration
CVSS 7.8
CVE-2012-5376 CRITICAL
Google Chrome <22.0.1229.94 - Privilege Escalation
CVSS 9.6
CVE-2012-3993
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
CVE-2012-0384 HIGH
Cisco IOS 12.2-15.2 & IOS XE 2.1.x-3.5.1S Authenticated Privilege Escalation via HTTP/HTTPS
CVSS 7.2
CVE-2011-3349 HIGH
lightdm < 0.9.6 - Privilege Escalation via Symlink Attack
CVSS 7.8
CVE-2011-4954 HIGH
cobbler - Local Privilege Escalation via Insecure PYTHON_EGG_CACHE Location
CVSS 7.8
CVE-2011-2910 MEDIUM
ax25-tools < 0.0.8-13 - Improper Privilege Management via setuid Call Failure
CVSS 6.7
CVE-2011-3054
Google Chrome < 17.0.963.83 - Privilege Escalation via WebUI Isolation Bypass
CVE-2011-3898
Google Chrome <15.0.874.120 - Info Disclosure
CVE-2011-1526
MIT Kerberos Version 5 Applications <1.0.1 - Privilege Escalation
CVE-2010-4664 HIGH
ConsoleKit < 0.4.2 - Authenticated Privilege Escalation via VNC Session
CVSS 8.8
CVE-2010-4258
Linux Kernel < 2.6.36.2 - Privilege Escalation via KERNEL_DS get_fs Handling
CVE-2010-4347
Linux Kernel < 2.6.36.2 - Privilege Escalation via ACPI Debugfs Custom Method