The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,838 vulnerabilities with CWE-269
CVE-2018-19648
HIGH
ADTRAN PMAA <1.6.4 - Privilege Escalation
CVSS 8.8
CVE-2018-16838
MEDIUM
sssd - Improper Access Control via Group Policy Objects Permission Handling
CVSS 5.4
CVE-2018-11767
HIGH
Apache Hadoop 2.7.5-2.7.6, 2.8.3-2.8.4, 2.9.0-2.9.1 - Improper Privilege Management in KMS
CVSS 7.4
CVE-2018-18252
HIGH
CapMon Access Manager 5.4.1.1005 - Privilege Escalation via CALRunElevated.exe --system Option
CVSS 7.8
CVE-2018-19725
CRITICAL
Adobe Acrobat and Reader <2019.010.20069 - Privilege Escalation
CVSS 9.8
CVE-2018-5839
HIGH
Snapdragon Auto/Mobile/Compute/IOT - Memory Corruption
CVSS 7.1
CVE-2018-19012
HIGH
Draeger Infinity Delta, Delta XL, Kappa, and Infinity Explorer C700 - Privilege Escalation via Kiosk Mode Bypass
CVSS 7.8
CVE-2018-19635
CRITICAL
CA Service Desk Manager <17 - Privilege Escalation
CVSS 9.8
CVE-2018-16888
MEDIUM
systemd <v237 - Privilege Escalation
CVSS 4.7
CVE-2018-0671
MEDIUM
INplc-RT < 3.08 - Authenticated Privilege Escalation
CVSS 6.7
CVE-2018-1000624
HIGH
Battelle V2I Hub 2.5.1 - Unauthenticated Denial of Service via Powerdown Endpoint
CVSS 7.5
CVE-2018-20193
HIGH
Secure Access SA Series SSL VPN <5.1R5-4.2 - Privilege Escalation
CVSS 8.8
CVE-2018-15331
HIGH
BIG-IP AAM <13.0.0 - Privilege Escalation
CVSS 7.8
CVE-2018-11965
HIGH
Android - Improper Privilege Management via proptrigger.sh Execution
CVSS 7.8
CVE-2018-1973
HIGH
IBM API Connect <5.0.8.4 - Privilege Escalation
CVSS 7.2
CVE-2018-8619
HIGH
Internet Explorer 9-11 - Remote Code Execution via VBScript Execution Policy Bypass
CVSS 7.5
CVE-2018-10143
CRITICAL
Palo Alto Networks Expedition <= 1.0.107 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2018-18344
MEDIUM
Google Chrome < 71.0.3578.80 - Unauthenticated Local File Access via setDownloadBehavior DevTools Protocol
CVSS 6.5
CVE-2018-1000866
HIGH
Pipeline: Groovy Plugin <2.59 - Code Injection
CVSS 8.8
CVE-2018-1000865
HIGH
Jenkins Script Security Plugin < 1.47 - Sandbox Bypass via SandboxTransformer
CVSS 8.8
CVE-2018-19608
MEDIUM
Arm Mbed TLS <2.14.1-2.1.17 - Info Disclosure
CVSS 4.7
CVE-2018-1941
HIGH
IBM Campaign <9.1.0,9.1.2 - Privilege Escalation
CVSS 8.4
CVE-2018-19853
HIGH
hitshop <2014-07-15 - Privilege Escalation
CVSS 8.8
CVE-2018-11912
HIGH
Android - Improper Privilege Management via Daemon Configuration
CVSS 7.8
CVE-2018-11911
HIGH
Android - Improper Privilege Management via Script Configuration
CVSS 7.8
Details
Vulnerabilities: 2,838
Exploit Likelihood: Medium