CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,837 vulnerabilities with CWE-269
CVE-2020-10384 HIGH
mbconnectline mbconnect24 and mymbconnect24 < 2.6.1 - Local Privilege Escalation from www-data to root
CVSS 7.8
CVE-2020-11708 CRITICAL
ProVide FTP Server < 13.1 - Privilege Escalation via EXECUTE() Feature
CVSS 9.8
CVE-2020-1991 HIGH
Palo Alto Networks Traps <5.0.8-6.1.4 - Privilege Escalation
CVSS 7.8
CVE-2020-1989 HIGH
Palo Alto Networks GlobalProtect Agent for Linux < 5.0.8 - Authenticated Privilege Escalation via Application File Write
CVSS 7.0
CVE-2020-5302 HIGH
mh-wikibot < 2020-04-06 - Unauthenticated Privilege Escalation via Nickname Impersonation
CVSS 8.2
CVE-2020-11466 MEDIUM
Deskpro < 2019.8.0 - Improper Privilege Management in Ticket API Endpoint
CVSS 4.3
CVE-2020-11464 MEDIUM
Deskpro < 2019.8.0 - Improper Privilege Management via API People Endpoint
CVSS 4.3
CVE-2020-7009 HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key Generation
CVSS 8.8
CVE-2020-5291 HIGH
Bubblewrap <0.4.1 - Privilege Escalation
CVSS 7.2
CVE-2020-10940 HIGH
PHOENIX CONTACT PORTICO SERVER <3.0.7 - Privilege Escalation
CVSS 7.8
CVE-2020-8873 MEDIUM
Parallels Desktop 15.1.2-47123 - Privilege Escalation
CVSS 6.7
CVE-2020-10793 HIGH
CodeIgniter <4.0.0 - Privilege Escalation
CVSS 8.8
CVE-2020-3265 HIGH
Cisco SD-WAN Solution - Privilege Escalation
CVSS 7.8
CVE-2020-3950 HIGH KEV
VMware Fusion <11.5.2 - Privilege Escalation
CVSS 7.8
CVE-2020-7916 MEDIUM
LearnPress <3.2.6.5 - Privilege Escalation
CVSS 6.5
CVE-2020-6584 MEDIUM
Nagios Log Server 2.1.3 - Improper Privilege Management
CVSS 6.5
CVE-2020-10589 HIGH
v2rayL <2.1.3 - Privilege Escalation
CVSS 7.8
CVE-2020-10588 HIGH
v2rayL <2.1.3 - Privilege Escalation
CVSS 7.8
CVE-2020-10088 HIGH
GitLab 12.5-12.8.1 - Insecure Permissions via Group Invitation
CVSS 8.1
CVE-2020-0799 HIGH
Windows 10 - Elevation of Privilege via Symbolic Link Parsing
CVSS 7.8
CVE-2020-0785 HIGH
Windows User Profile Service - Elevation of Privilege via Symlink Handling
CVSS 7.1
CVE-2020-7254 HIGH
McAfee Advanced Threat Defense 4.0-4.8.1 - Privilege Escalation via Sudo Command
CVSS 7.7
CVE-2020-5253 LOW
NetHack < 3.6.0 - Arbitrary Code Execution via Configuration File Escape Sequence
CVSS 3.9
CVE-2020-8113 CRITICAL
GitLab 10.7-12.7.2 - Incorrect Access Control
CVSS 9.8
CVE-2020-6971 HIGH
Emerson ValveLink 12.0.264-13.4.118 - Privilege Escalation via Insecure Configuration Parameters
CVSS 7.8