VYPR

CWE-269

Improper Privilege Management

ClassDraftLikelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 35 of 52
  • CVE-2015-9267MedOct 1, 2018
    risk 0.36cvss 5.5epss 0.00

    Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

  • CVE-2018-9334MedJul 3, 2018
    risk 0.36cvss 5.5epss 0.00

    The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.

  • CVE-2017-7767MedJun 11, 2018
    risk 0.36cvss 5.5epss 0.00

    The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects…

  • CVE-2017-5409MedJun 11, 2018
    risk 0.36cvss 5.5epss 0.00

    The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only…

  • CVE-2018-4173MedApr 13, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.

  • CVE-2017-11747MedJul 30, 2017
    risk 0.36cvss 5.5epss 0.00

    main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root…

  • CVE-2017-8032MedJul 10, 2017
    risk 0.36cvss 6.6epss 0.01

    In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions…

  • CVE-2014-1496MedMar 19, 2014
    risk 0.36cvss 5.5epss 0.00

    Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

  • CVE-2026-5193MedMay 14, 2026
    risk 0.35cvss 6.5epss 0.00

    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks…

  • CVE-2026-29647MedApr 20, 2026
    risk 0.35cvss 6.5epss 0.00

    In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.

  • CVE-2026-35621MedApr 10, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to…

  • CVE-2025-7784MedJul 18, 2025
    risk 0.35cvss 6.5epss 0.00

    A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This…

  • CVE-2025-52555MedJun 26, 2025
    risk 0.35cvss 6.5epss 0.00

    Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The…

  • CVE-2020-26063MedNov 18, 2024
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on…

  • CVE-2024-36056MedMay 26, 2024
    risk 0.35cvss 5.4epss 0.00

    Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation.

  • CVE-2019-25151MedJun 7, 2023
    risk 0.35cvss 5.4epss 0.01

    The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable…

  • CVE-2018-1999032MedAug 1, 2018
    risk 0.35cvss 6.5epss 0.01

    A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an…

  • CVE-2018-0573MedJun 26, 2018
    risk 0.35cvss 5.3epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.

  • CVE-2017-7782MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects…

  • CVE-2018-0245MedMay 2, 2018
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and…