CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2019-7155 MEDIUM
GitLab <11.5.8-11.7.1 - Privilege Escalation
CVSS 6.5
CVE-2019-6525 HIGH
AVEVA Wonderware System Platform < 2017 Update 2 - Improper Privilege Management via ArchestrA Network User Account
CVSS 8.8
CVE-2019-6287 HIGH
Rancher 2.0.0-2.1.5 - Improper Privilege Management
CVSS 8.1
CVE-2019-0735 HIGH
Windows Client Server Run-Time Subsystem - Privilege Escalation
CVSS 7.8
CVE-2019-10676 MEDIUM
Uniqkey Password Manager 1.14 - Credential Disclosure via Popup Window
CVSS 6.5
CVE-2019-1754 HIGH
Cisco IOS XE - Authenticated Privilege Escalation via Web UI Endpoint
CVSS 8.8
CVE-2019-3849 HIGH
Moodle < 3.4.8 - Unauthenticated Privilege Escalation via LTI Request Tampering
CVSS 8.8
CVE-2019-5415 HIGH
serve 6.5.3 - Unauthenticated Directory Listing and File Read via Ignore Feature
CVSS 7.5
CVE-2019-6601 MEDIUM
F5 BIG-IP AAM 11.5.1-11.5.8, 11.6.1-11.6.3.2, 12.1.0-12.1.3.7, 13.0.0 - Privilege Escalation in wamd
CVSS 5.5
CVE-2019-3785 HIGH
Cloudfoundry Capi-release < 1.78.0 - Improper Authorization
CVSS 8.1
CVE-2019-9624 HIGH
Webmin 1.900 - Remote Code Execution via Upload and Download Privilege Abuse
CVSS 7.8
CVE-2019-1588 MEDIUM
Cisco NX-OS < 14.0(1h) - Authenticated Arbitrary File Read
CVSS 4.4
CVE-2019-3475 HIGH
Micro Focus Filr 3.x < Security Update 6 - Authenticated Local Privilege Escalation via famtd Component
CVSS 7.8
CVE-2019-5768 MEDIUM
Chrome < 72.0.3626.81 - Local File Read via Malicious Extension
CVSS 6.5
CVE-2018-9375 HIGH
Android - Local Privilege Escalation via UserDictionaryProvider Confused Deputy
CVSS 7.8
CVE-2018-25044 MEDIUM
uTorrent - Unauthenticated Privilege Escalation via Guest Account
CVSS 6.3
CVE-2018-25041 MEDIUM
uTorrent Web - Privilege Escalation via JSON RPC Server
CVSS 6.3
CVE-2018-25040 MEDIUM
uTorrent Web - Privilege Escalation
CVSS 6.3
CVE-2018-4478 MEDIUM
macOS < 10.13.5 - Privilege Escalation via Physical Access
CVSS 6.8
CVE-2018-16497 HIGH
Versa Analytics - Privilege Escalation via Writable Root Cron Job Script
CVSS 7.8
CVE-2018-9333 HIGH
K7Computing K7AntiVirus Premium 15.1.0.53 - Buffer Overflow in K7TSMngr.exe
CVSS 7.8
CVE-2018-9332 HIGH
K7Computing Antivirus < 16.0.0001 - Improper Privilege Management
CVSS 7.8
CVE-2018-8724 HIGH
K7Computing Antivirus < 16.0.0001 - Privilege Escalation via K7TSMngr.exe
CVSS 7.8
CVE-2018-8044 HIGH
K7Computing Antivirus < 16.0.0001 - Incorrect Access Control in K7Sentry.sys
CVSS 7.8
CVE-2018-11008 MEDIUM
K7Computing K7AntiVirus Premium 15.01.00.53 - Incorrect Access Control
CVSS 5.5