CWE-648

Low likelihood

Incorrect Use of Privileged APIs

Parent: CWE-269 - Improper Privilege Management

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

63 vulnerabilities with CWE-648
CVE-2022-24071 MEDIUM
Whale < 3.12.129.46 - Rendering Process Compromise via Built-in Extension
CVSS 4.3
CVE-2020-7927 HIGH
MongoDB Ops Manager <4.2.17, <4.3.9, <4.4.2 - Info Disclosure
CVSS 8.1
CVE-2020-5291 HIGH
Bubblewrap <0.4.1 - Privilege Escalation
CVSS 7.2
CVE-2019-14812 HIGH
Ghostscript <9.50 - Privilege Escalation
CVSS 7.8
CVE-2019-10216 HIGH
Ghostscript <9.50 - Privilege Escalation
CVSS 7.8
CVE-2019-14869 HIGH
Ghostscript 9.x <9.50 - Privilege Escalation
CVSS 8.8
CVE-2019-14813 CRITICAL
Ghostscript 9.00-9.49 - Unauthenticated Privilege Escalation via setsystemparams Procedure
CVSS 9.8
CVE-2019-14817 HIGH
Ghostscript < 9.50 - Privilege Escalation via Unsecured Privileged API Calls
CVSS 7.8
CVE-2019-14811 HIGH
Ghostscript < 9.50 - Privilege Escalation via .pdf_hook_DSC_Creator Bypass
CVSS 7.8
CVE-2019-1010178 CRITICAL
Fred MODX Revolution < 1.0.0-beta5 - RCE
CVSS 9.8
CVE-2019-3839 HIGH
Ghostscript <9.27 - Privilege Escalation
CVSS 7.8
CVE-2019-3838 MEDIUM
Ghostscript <9.27 - File System Access
CVSS 5.5
CVE-2019-3835 MEDIUM
Ghostscript < 9.27 - Privileged API Misuse via Superexec Operator
CVSS 5.5
Details
Vulnerabilities 63
Exploit Likelihood Low
Links
MITRE CWE Entry Search this CWE With Exploits