The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,837 vulnerabilities with CWE-269
CVE-2019-15012
HIGH
Bitbucket 4.13.0-6.9.0 - Authenticated Remote Code Execution via Edit-File Endpoint
CVSS 8.8
CVE-2019-19728
HIGH
SchedMD Slurm <18.08.9, <19.05.5 - Privilege Escalation
CVSS 7.5
CVE-2019-19544
HIGH
CA Automic Dollar Universe 5.3.3 - Privilege Escalation
CVSS 7.8
CVE-2019-14819
HIGH
OpenShift Container Platform - Privilege Escalation via dockergc Service Account Assignment
CVSS 8.8
CVE-2019-19585
HIGH
rConfig 3.9.3 - Privilege Escalation
CVSS 7.8
CVE-2019-7479
HIGH
SonicOS <6.9.1.12-4o - Privilege Escalation
CVSS 7.2
CVE-2019-20074
HIGH
Netis DL4323 - Unauthenticated Sensitive Information Exposure via form2saveConf.cgi
CVSS 8.8
CVE-2019-20043
MEDIUM
WordPress 3.7-5.3.0 - Authenticated Privilege Escalation via REST API Sticky Post Manipulation
CVSS 4.3
CVE-2019-19151
MEDIUM
BIG-IP <15.1.0 - Privilege Escalation
CVSS 5.5
CVE-2019-6685
HIGH
F5 BIG-IP Privilege Escalation and Remote Code Execution via iRules
CVSS 7.8
CVE-2019-5259
MEDIUM
Huawei AR Series Firmware - Information Disclosure via Command Execution
CVSS 6.5
CVE-2019-19783
MEDIUM
Cyrus IMAP < 2.5.15, 3.0.x < 3.0.13, 3.1.x <= 3.1.8 - Privilege Escalation via Sieve Script Fileinto Directive
CVSS 6.5
CVE-2019-5250
HIGH
Mate 20 Pro <9.1.0.135(C00E133R3P1) - Privilege Escalation
CVSS 7.8
CVE-2019-16777
HIGH
npm < 6.13.4 - Arbitrary File Overwrite via Global Binary Installation
CVSS 7.7
CVE-2019-19726
HIGH
OpenBSD Dynamic Loader chpass Privilege Escalation
CVSS 7.8
CVE-2019-13738
MEDIUM
Google Chrome <79.0.3945.79 - Auth Bypass
CVSS 6.5
CVE-2019-2225
HIGH
Android 8.0-10 - Unauthenticated Remote Privilege Escalation via Bluetooth Pairing
CVSS 8.8
CVE-2019-3990
MEDIUM
Harbor >=1.7.0 <1.7.6 - User Enumeration via Search Functionality
CVSS 4.3
CVE-2019-4465
LOW
IBM Cloud Pak System <2.3.0.1 - Info Disclosure
CVSS 3.3
CVE-2019-19014
HIGH
TitanHQ WebTitan <5.18 - Privilege Escalation
CVSS 7.8
CVE-2019-6668
MEDIUM
BIG-IP APM Edge Client for macOS 11.5.1-11.6.5 - Unprivileged Root File Access
CVSS 5.5
CVE-2019-7319
HIGH
Cloudera Hue <6.1.0 - Privilege Escalation
CVSS 8.3
CVE-2019-13705
MEDIUM
Google Chrome <78.0.3904.70 - Info Disclosure
CVSS 4.3
CVE-2019-13702
HIGH
Google Chrome <78.0.3904.70 - Privilege Escalation
CVSS 7.8
CVE-2019-3466
HIGH
postgresql-common < 210 - Local Privilege Escalation via pg_ctlcluster Temporary Directory Creation
CVSS 7.8
Details
Vulnerabilities: 2,837
Exploit Likelihood: Medium