The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,838 vulnerabilities with CWE-269
CVE-2010-3301: Linux kernel <2.6.36-rc4-git2 - Privilege Escalation
CVE-2009-2848: Linux Kernel < 2.6.29.5 - Privilege Escalation via Improper clear_child_tid Handling
CVE-2009-0080: Windows Vista Gold/SP1 & Server 2008 - Privilege Escalation
CVE-2008-2931 (HIGH, CVSS 7.8): Linux Kernel < 2.6.22 - Privilege Escalation via do_change_type Mountpoint Property Modification
CVE-2008-2271: Site Documentation 5.x-1.0-5.x-1.8 - Authenticated Privilege Escalation via Session ID Exposure
CVE-2007-2444: Samba <3.0.25pre2 - Privilege Escalation
CVE-2006-4243 (CRITICAL, CVSS 9.8): linux-vserver 1.9.0-2.6.16 - Privilege Escalation via Remount Code
CVE-2004-1349: gzip < 1.3 - Improper Privilege Management via Hard Link Permission Change
CVE-2003-5001 (MEDIUM, CVSS 5.3): ISS BlackICE PC Protection - Privilege Escalation via Cross-Site Scripting Detection Bypass
CVE-2002-0367 (HIGH, KEV, CVSS 7.8): Windows NT and Windows 2000 - Improper Privilege Management via Handle Duplication
CVE-2002-0080: rsync < 2.5.3 - Improper Privilege Management in Daemon Mode
CVE-2002-0049: Microsoft Exchange Server 2000 - Improper Privilege Management in WinReg Key
CVE-1999-0084 (HIGH, CVSS 8.4): Sun NFS - Improper Privilege Management via mknod Device Creation
Details
Vulnerabilities: 2,838
Exploit Likelihood: Medium