VYPR

CWE-269

Improper Privilege Management

ClassDraftLikelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 29 of 52
  • CVE-2017-7803HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

  • CVE-2018-10550HigApr 30, 2018
    risk 0.49cvss 7.5epss 0.01

    In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.

  • CVE-2018-0821HigFeb 15, 2018
    risk 0.49cvss 7.0epss 0.02

    AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".

  • CVE-2018-0751HigJan 4, 2018
    risk 0.49cvss 7.1epss 0.03

    The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka…

  • CVE-2017-16520HigNov 11, 2017
    risk 0.49cvss 7.5epss 0.01

    Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.

  • CVE-2017-5722HigOct 11, 2017
    risk 0.49cvss 7.5epss 0.00

    Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

  • CVE-2017-8308HigApr 27, 2017
    risk 0.49cvss 7.5epss 0.01

    In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its…

  • CVE-2015-8467HigDec 29, 2015
    risk 0.49cvss 7.5epss 0.03

    The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote…

  • CVE-2026-50570HigJun 10, 2026
    risk 0.48cvss 8.5epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety /…

  • CVE-2026-21882HigMar 2, 2026
    risk 0.48cvss 8.4epss 0.00

    theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.

  • CVE-2025-29033HigApr 1, 2025
    risk 0.48cvss 7.3epss 0.00

    An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter.

  • CVE-2024-34454HigMay 26, 2024
    risk 0.48cvss 7.4epss 0.00

    Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted…

  • CVE-2023-7080HigDec 29, 2023
    risk 0.48cvss 8.5epss 0.01

    The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and…

  • CVE-2020-17103HigDec 10, 2020
    risk 0.48cvss 7.0epss 0.27

    Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

  • CVE-2018-11767HigMar 21, 2019
    risk 0.48cvss 7.4epss 0.04

    In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.

  • CVE-2017-6924HigJan 15, 2019
    risk 0.48cvss 7.4epss 0.02

    In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest)…

  • CVE-2018-1000028HigFeb 9, 2018
    risk 0.48cvss 7.4epss 0.01

    Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be…

  • CVE-2017-10104HigAug 8, 2017
    risk 0.48cvss 7.4epss 0.01

    Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2017-7918MedJun 21, 2017
    risk 0.48cvss 6.8epss 0.07

    An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow…

  • CVE-2026-42562HigMay 9, 2026
    risk 0.47cvss 8.3epss 0.00

    Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and…