Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-269:Improper Privilege Management
Weakness ID:269
Version:v4.17
Weakness Name:Improper Privilege Management
Vulnerability Mapping:Discouraged
Abstraction:Class
Structure:Simple
Status:Draft
Likelihood of Exploit:Medium
DetailsContent HistoryObserved CVE ExamplesReports
2565Vulnerabilities found

CVE-2019-18899
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 31.01%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 15:00
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apt-cacher-ng insecure use of /run/apt-cacher-ng

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

Action-Not Available
Vendor-apt-cacher-ng_projectopenSUSE
Product-apt-cacher-ngleapbackportsLeap 15.1
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-6773
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 14:37
Updated-06 Aug, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges

Action-Not Available
Vendor-n/aMicrosoft CorporationSplunk LLC (Cisco Systems, Inc.)
Product-windowssplunkn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-17202
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 00:00
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.

Action-Not Available
Vendor-fasttracksoftwaren/a
Product-admin_by_requestn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16272
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.27%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 13:04
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aSamsung
Product-gear_livegear_s3_firmwaregear_fit_2_pro_firmwaregear_s2gear_fit_2gear_fitgear_sgear_s2_firmwaregear_2_firmwaregear_s3gear_fit_2_progear_fit_2_firmwaregear_sport_firmwaregalaxy_gear_firmwaregalaxy_geargear_fit_firmwaregear_s_firmwaregear_live_firmwaregear_2gear_sportn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16271
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 13:03
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aSamsung
Product-gear_livegear_s3_firmwaregear_fit_2_pro_firmwaregear_s2gear_fit_2gear_fitgear_sgear_s2_firmwaregear_2_firmwaregear_s3gear_fit_2_progear_fit_2_firmwaregear_sport_firmwaregalaxy_gear_firmwaregalaxy_geargear_fit_firmwaregear_s_firmwaregear_live_firmwaregear_2gear_sportn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16270
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.86%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 13:01
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.

Action-Not Available
Vendor-n/aSamsung
Product-gear_livegear_s3_firmwaregear_fit_2_pro_firmwaregear_s2gear_fit_2gear_fitgear_sgear_s2_firmwaregear_2_firmwaregear_s3gear_fit_2_progear_fit_2_firmwaregear_sport_firmwaregalaxy_gear_firmwaregalaxy_geargear_fit_firmwaregear_s_firmwaregear_live_firmwaregear_2gear_sportn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16268
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.48%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:51
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16267
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.21% / 43.12%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:49
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16265
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.48%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:45
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16263
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.69%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:41
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16262
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:20
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-16266
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.19% / 40.63%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:15
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7047
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.69% / 82.01%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 20:37
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

Action-Not Available
Vendor-webfactoryltdn/a
Product-wp_database_resetn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-10940
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.9||CRITICAL
EPSS-0.18% / 39.54%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 15:35
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinema_serverSINEMA Server
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-15012
Assigner-Atlassian
ShareView Details
Assigner-Atlassian
CVSS Score-8.8||HIGH
EPSS-1.92% / 83.15%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 20:46
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance.

Action-Not Available
Vendor-Atlassian
Product-bitbucketBitbucket ServerBitbucket Data Center
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-6448
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.08%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 18:01
Updated-06 Aug, 2024 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junosn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-5071
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 58.29%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 17:06
Updated-06 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.

Action-Not Available
Vendor-bmcn/a
Product-remedy_ar_system_servern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-5072
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.44%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 17:06
Updated-06 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.

Action-Not Available
Vendor-bmcn/a
Product-remedy_ar_system_servern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-5466
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.61%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:00
Updated-06 Aug, 2024 | 06:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.

Action-Not Available
Vendor-sisn/a
Product-xgi_vga_display_managern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-7556
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 14:57
Updated-06 Aug, 2024 | 07:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

Action-Not Available
Vendor-delegateNational Institute of Advanced Industrial Science and Technology
Product-delegateDeleGate
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-1563
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 12:59
Updated-06 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Joomla! before 2.5.3 allows Admin Account Creation.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla!
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-0635
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 58.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4761
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.30%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 19:22
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

Action-Not Available
Vendor-safendn/a
Product-data_protector_agentn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4760
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.30%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 19:12
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

Action-Not Available
Vendor-safendn/a
Product-data_protector_agentn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-6949
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.00%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 18:58
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.

Action-Not Available
Vendor-hashbrowncmsn/a
Product-hashbrown_cmsn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4767
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 27.99%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 18:57
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine.

Action-Not Available
Vendor-safendn/a
Product-data_protector_agentn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-19728
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.64%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 18:14
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

Action-Not Available
Vendor-schedmdn/aDebian GNU/LinuxopenSUSE
Product-slurmdebian_linuxleapn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-6231
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-35.65% / 97.00%
||
7 Day CHG~0.00%
Published-10 Jan, 2020 | 13:11
Updated-06 Aug, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script

Action-Not Available
Vendor-engn/a
Product-spagobin/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-19544
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Assigner-CA Technologies - A Broadcom Company
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.31%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 16:03
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-ca_automic_dollar_universeCA Automic Dollar Universe
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-6590
Assigner-Symantec - A Division of Broadcom
ShareView Details
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.09%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 15:43
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Action-Not Available
Vendor-Symantec Corporation
Product-endpoint_encryptionencryption_desktopit_management_suiteghost_solution_suiteGhost Solution SuiteSymantec Endpoint VirtualizationIT Management SuiteEncryption Desktop
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-14819
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 17:02
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Action-Not Available
Vendor-[Red Hat]Red Hat, Inc.
Product-openshift_container_platformopenshift-ansible
CWE ID-CWE-270
Privilege Context Switching Error
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-19585
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.35%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 19:24
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.

Action-Not Available
Vendor-rconfign/a
Product-rconfign/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-4161
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.67%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 18:13
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.

Action-Not Available
Vendor-gksu-polkit_projectgksu-polkit-0.0.3-6.fc18Fedora Project
Product-fedoragksu-polkitgksu-polkit-0.0.3-6.fc18
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-7479
Assigner-SonicWall, Inc.
ShareView Details
Assigner-SonicWall, Inc.
CVSS Score-7.2||HIGH
EPSS-0.24% / 47.60%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 01:30
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOSvSonicOS
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-2016
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.31%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 21:47
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

Action-Not Available
Vendor-Debian GNU/LinuxQEMUNovell
Product-open_enterprise_serverdebian_linuxqemuopen_desktop_serverqemu (virtio-rng)
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-5663
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.58%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 21:01
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).

Action-Not Available
Vendor-textproc/isearch packageOpenBSD
Product-textproc\/isearchtextproc/isearch package
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-459
Incomplete Cleanup
CVE-2019-20074
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.88%
||
7 Day CHG~0.00%
Published-29 Dec, 2019 | 23:29
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-dl4343dl4343_firmwaren/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-5027
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 58.11%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 17:02
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Collabtive 1.0 has incorrect access control

Action-Not Available
Vendor-o-dynn/a
Product-collabtiven/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-4975
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-14.47% / 94.34%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 16:45
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hikvision DS-2CD7153-E IP Camera has Privilege Escalation

Action-Not Available
Vendor-n/aHIKVISION
Product-ds-2cd7153-e_firmwareds-2cd7153-en/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-4867
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.03% / 77.13%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 16:31
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking

Action-Not Available
Vendor-ean/a
Product-karotz_smart_rabbit_firmwarekarotz_smart_rabbitn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-20043
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.50% / 80.92%
||
7 Day CHG+0.33%
Published-27 Dec, 2019 | 07:14
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-19151
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 18:03
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_local_traffic_managerbig-ip_domain_name_systemiworkflowbig-ip_application_security_managerbig-ip_edge_gatewaybig-iq_centralized_managementbig-ip_link_controllerenterprise_managerbig-ip_access_policy_managerbig-ip_advanced_firewall_managerBIG-IP, BIG-IQ, iWorkflow, Enterprise Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-6685
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.93%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:30
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-2312
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:47
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

Action-Not Available
Vendor-JBoss AS 7Red Hat, Inc.
Product-jboss_enterprise_application_platformjboss_application_serverJBoss
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-5259
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 21:43
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ar2200_firmwarear150_firmwarear2200-sar1200ar3200_firmwarear2200ar150-s_firmwarear1200-sar3600ar150ar3200ar1200_firmwarear200-s_firmwarear120-s_firmwarear1200-s_firmwarear200ar3600_firmwarear160_firmwarear2200-s_firmwarear200-sar120-sar200_firmwarear150-sar160AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-19783
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.35% / 79.90%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 13:06
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.

Action-Not Available
Vendor-cyrusn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuximapdebian_linuxfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-5250
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.82%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 14:24
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_20_promate_20_pro_firmwareMate 20 Pro
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-16777
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.35% / 57.32%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 01:00
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Overwrite in npm CLI

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Action-Not Available
Vendor-npmjsnpmopenSUSERed Hat, Inc.Fedora ProjectOracle Corporation
Product-graalvmenterprise_linuxfedoraenterprise_linux_eusnpmleapcli
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-19726
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.38% / 92.68%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-13738
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 75.28%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-0293
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.88%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 13:14
Updated-06 Aug, 2024 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation

Action-Not Available
Vendor-ovirtoVirt Node
Product-nodeoVirt Node
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • ...
  • 42
  • 43
  • 44
  • ...
  • 51
  • 52
  • Next