CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2018-11006 MEDIUM
K7Computing K7AntiVirus Premium 15.01.00.53 - Incorrect Access Control
CVSS 5.5
CVE-2018-21226 HIGH
NETGEAR JNR1010v2 JWNR2010v5 WNR1000v4 WNR2020 WNR2050 < 1.1.0.48 - Unauthenticated Authentication Bypass
CVSS 8.8
CVE-2018-21124 HIGH
NETGEAR WAC505 and WAC510 Firmware < 5.0.0.17 - Privilege Escalation
CVSS 8.8
CVE-2018-17954 CRITICAL
SUSE OpenStack Cloud 7-9 and Crowbar 8-9 - Improper Privilege Management
CVSS 9.3
CVE-2018-8654 MEDIUM
Microsoft Dynamics 365 Server - Privilege Escalation
CVSS 6.5
CVE-2018-16272 CRITICAL
Samsung Galaxy Gear Firmware < RE2 - Unauthenticated Improper Privilege Management via D-Bus Interface
CVSS 9.8
CVE-2018-16271 MEDIUM
Samsung Galaxy Gear Firmware < RE2 - Unauthenticated Privilege Escalation via D-Bus Security Policy Misconfiguration
CVSS 6.5
CVE-2018-16270 HIGH
Samsung Galaxy Gear Firmware < RE2 - Unauthenticated Arbitrary File Write via hcidump Utility
CVSS 7.5
CVE-2018-16268 MEDIUM
Tizen < 5.0 M1 - Unauthenticated Privilege Escalation via D-Bus Security Policy Misconfiguration
CVSS 4.3
CVE-2018-16267 HIGH
Tizen < 5.0 M1 - Unauthenticated Privilege Escalation via D-Bus System-Popup Service
CVSS 8.1
CVE-2018-16266 HIGH
Tizen < 5.0 M1 - Unauthenticated Privilege Escalation via D-Bus Security Policy Misconfiguration
CVSS 8.1
CVE-2018-16265 MEDIUM
Tizen < 5.0 M1 - Unauthenticated Privilege Escalation via D-Bus Security Policy Misconfiguration
CVSS 6.5
CVE-2018-16263 HIGH
Tizen < 5.0 M1 - Unauthenticated Improper Privilege Management via D-Bus Security Policy Misconfiguration
CVSS 8.8
CVE-2018-16262 HIGH
Tizen < 5.0 M1 - Unauthenticated Improper Privilege Management via D-Bus Security Policy Misconfiguration
CVSS 8.8
CVE-2018-0728 HIGH
QNAP Helpdesk < 3.0.0 - Improper Access Control
CVSS 7.5
CVE-2018-18368 HIGH
Symantec Endpoint Protection Manager < 14.2 RU1 - Privilege Escalation
CVSS 7.8
CVE-2018-18931 HIGH
Tightrope Media Carousel < 7.0.4.104 - Privilege Escalation via Insecure Service Executable Permissions
CVSS 8.8
CVE-2018-21025 CRITICAL
Centreon VM < 19.04.3 - Privilege Escalation via centreon-backup.pl Configuration File
CVSS 9.8
CVE-2018-9425 HIGH
Android 10 - Local Privilege Escalation via Missing Permission Checks
CVSS 7.8
CVE-2018-21013 CRITICAL
Swape < 1.2.1 - Unauthenticated Administrator Account Creation via xmlPath Parameter
CVSS 9.8
CVE-2018-15557 HIGH
Actiontec WEB6000Q Firmware 1.1.02.22 - Unauthenticated Privilege Escalation via Telnet Access
CVSS 8.8
CVE-2018-15207 HIGH
BPC SmartVista 2 - Improper Access Control
CVSS 7.2
CVE-2018-4008 HIGH
Shimo VPN 4.1.5.1 - Privilege Escalation via RunVpncScript Helper Service
CVSS 7.8
CVE-2018-14894 HIGH
CyberArk Endpoint Privilege Manager < 10.2.1.603 - Privilege Escalation
CVSS 7.8
CVE-2018-4310 CRITICAL
iPhone OS < 12.0 and macOS < 10.14 - Improper Privilege Management
CVSS 10.0