CWE-267: Privilege Defined With Unsafe Actions
62 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-267 (page 1 of 2)
- CVE-2017-2616 | MEDIUM | CVSS 5.5 | EG 4.7 | 2018-07-27
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
- CVE-2019-10169 | MEDIUM | CVSS 6.6 | EG 6.6 | 2020-05-08
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and exec…
- CVE-2019-10170 | MEDIUM | CVSS 6.6 | EG 6.6 | 2020-05-08
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious …
- CVE-2019-14865 | MEDIUM | CVSS 5.9 | EG 5.5 | 2019-11-29
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootab…
- CVE-2020-29396 | HIGH | CVSS 8.8 | EG 8.8 | 2020-12-22
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
- CVE-2020-7824 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-08-25
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could …
- CVE-2021-23166 | HIGH | CVSS 8.7 | EG 8.7 | 2023-04-25
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
- CVE-2021-23186 | HIGH | CVSS 8.7 | EG 8.7 | 2023-04-25
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.
- CVE-2021-32739 | HIGH | CVSS 8.8 | EG 8.8 | 2021-07-15
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow pri…
- CVE-2021-40354 | HIGH | CVSS 7.1 | EG 7.1 | 2021-09-14
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" funct…
- CVE-2021-44476 | MEDIUM | CVSS 6.8 | EG 7.1 | 2023-04-25
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.
- CVE-2021-44547 | CRITICAL | CVSS 9.1 | EG 8.7 | 2023-04-25
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation.
- CVE-2022-38124 | MEDIUM | CVSS 5.7 | EG 6.5 | 2022-12-13
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
- CVE-2023-22647 | CRITICAL | CVSS 9.9 | EG 9.9 | 2023-06-01
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-leve…
- CVE-2023-27895 | MEDIUM | CVSS 6.1 | EG 6.5 | 2023-03-14
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanum…
- CVE-2023-28049 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-02-06
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.
- CVE-2023-2983 | HIGH | CVSS 8.8 | EG 8.8 | 2023-05-30
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
- CVE-2023-32457 | HIGH | CVSS 7.5 | EG 7.5 | 2023-08-29
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.
- CVE-2023-41966 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-10-26
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter.
- CVE-2023-43746 | HIGH | CVSS 8.7 | EG 8.7 | 2023-10-10
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker t…
- CVE-2023-44218 | HIGH | CVSS 8.8 | EG 8.8 | 2023-10-03
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
- CVE-2024-20411 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-28
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient securi…
- CVE-2024-32901 | HIGH | CVSS 7.8 | EG 7.8 | 2024-06-13
In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- CVE-2024-39866 | HIGH | CVSS 8.8 | EG 8.8 | 2024-07-09
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key an…
- CVE-2024-42365 | HIGH | CVSS 7.4 | EG 7.4 | 2024-08-08
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may chang…
- CVE-2024-47906 | HIGH | CVSS 7.8 | EG 7.8 | 2024-11-12
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
- CVE-2024-55968 | HIGH | CVSS 8.8 | EG 8.8 | 2025-01-28
An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation dur…
- CVE-2024-5622 | HIGH | CVSS 7.8 | EG 7.8 | 2024-08-29
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
- CVE-2024-5623 | HIGH | CVSS 7.8 | EG 7.8 | 2024-08-29
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
- CVE-2024-7571 | HIGH | CVSS 7.8 | EG 7.8 | 2024-11-12
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
- CVE-2024-8539 | HIGH | CVSS 7.1 | EG 7.1 | 2024-11-12
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
- CVE-2024-8631 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-09-12
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could hav…
- CVE-2024-9842 | HIGH | CVSS 7.3 | EG 7.3 | 2024-11-12
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
- CVE-2025-13979 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-01-28
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS. This issue affects Mini site: from 0.0.0 before 3.0.2.
- CVE-2025-14349 | HIGH | CVSS 8.8 | EG 8.8 | 2026-02-13
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue af…
- CVE-2025-23015 | HIGH | CVSS 8.8 | EG 8.8 | 2025-02-04
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Oper…
- CVE-2025-26467 | HIGH | CVSS 8.8 | EG 8.8 | 2025-08-25
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Oper…
- CVE-2025-2903 | HIGH | CVSS 8.5 | EG 0.0 | 2025-04-17
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain ac…
- CVE-2025-41244 | HIGH | CVSS 7.8 | EG 9.0 | KEV | 2025-09-29
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with …
- CVE-2025-47811 | MEDIUM | CVSS 4.1 | EG 4.1 | 2025-07-10
In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e.,…
- CVE-2025-53070 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-10-21
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where …
- CVE-2025-53900 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-11-29
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for autho…
- CVE-2025-61754 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-21
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with net…
- CVE-2025-62288 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-10-21
Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Logger). Supported versions that are affected are 3.4.0.1.3 and 3.4.1.0.10. Easily exploitable vulnerability…
- CVE-2025-62289 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-10-21
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access…
- CVE-2025-62479 | LOW | CVSS 2.7 | EG 2.7 | 2025-10-21
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network acce…
- CVE-2025-62480 | LOW | CVSS 2.7 | EG 2.7 | 2025-10-21
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network a…
- CVE-2025-62587 | HIGH | CVSS 8.2 | EG 8.2 | 2025-10-21
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the i…
- CVE-2025-62588 | HIGH | CVSS 8.2 | EG 8.2 | 2025-10-21
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the i…
- CVE-2025-62589 | HIGH | CVSS 8.2 | EG 8.2 | 2025-10-21
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the i…
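The CVE-2019-14865 entry above (grub2-set-bootflag) describes a privileged utility that rewrites a configuration file in place and can be made to leave it truncated by running it under resource pressure. The following is an added illustration of that failure mode and of the standard write-to-a-temporary-file-then-rename mitigation; it is not grub2's code and does not claim to be grub2's fix. Resource pressure is simulated with a hypothetical `fail_after` byte budget (standing in for the EFBIG a write receives once RLIMIT_FSIZE is exceeded) so the example runs in any sandbox without touching real rlimits; the sample config content is constructed.

```python
import os
import stat
import tempfile
from typing import Dict, Optional


class ResourceExhausted(OSError):
    """Stands in for the EFBIG a process gets when a write exceeds RLIMIT_FSIZE."""


def _write_with_budget(fd: int, data: bytes, fail_after: Optional[int]) -> None:
    # Hypothetical pressure: the kernel accepts only `fail_after` bytes, then refuses.
    if fail_after is not None and len(data) > fail_after:
        os.write(fd, data[:fail_after])
        raise ResourceExhausted("write exceeded simulated file size limit")
    os.write(fd, data)


def rewrite_in_place(path: str, new_content: bytes, fail_after: Optional[int] = None) -> None:
    """Unsafe pattern: O_TRUNC destroys the old content before the new content
    is written, so a failed write leaves the file empty or partial."""
    fd = os.open(path, os.O_WRONLY | os.O_TRUNC)
    try:
        _write_with_budget(fd, new_content, fail_after)
    finally:
        os.close(fd)


def rewrite_atomically(path: str, new_content: bytes, fail_after: Optional[int] = None) -> None:
    """Hardened pattern: write a temp file in the same directory (so rename
    stays on one filesystem), copy the target's mode, fsync, then rename over
    the target. The old file is untouched until the new one is complete, and
    a failed write only costs the temp file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    dirname = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(prefix=".cfg-", dir=dirname)
    try:
        os.fchmod(fd, mode)
        _write_with_budget(fd, new_content, fail_after)
        os.fsync(fd)
    except BaseException:
        os.close(fd)
        os.unlink(tmp)
        raise
    os.close(fd)
    os.replace(tmp, path)


def demo(fail_after: Optional[int]) -> Dict[str, str]:
    """Run both patterns against a fresh config under the given pressure and
    report what is left on disk: 'updated', 'intact' (old content kept) or
    'truncated' (old content lost)."""
    original = b"set default=0\nset timeout=5\n"                    # constructed sample
    new = b"set default=0\nset timeout=5\nset next_entry=1\n"       # constructed sample
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as d:
        for name, fn in (("in_place", rewrite_in_place), ("atomic", rewrite_atomically)):
            path = os.path.join(d, f"grub_{name}.cfg")
            with open(path, "wb") as f:
                f.write(original)
            try:
                fn(path, new, fail_after)
                results[name] = "updated"
            except ResourceExhausted:
                with open(path, "rb") as f:
                    results[name] = "intact" if f.read() == original else "truncated"
    return results


if __name__ == "__main__":
    print("no pressure:", demo(None))
    print("10-byte budget:", demo(10))
```

The point for a setuid or root-run tool is that an unprivileged caller controls its resource limits; any write path that destroys the old state before the new state is durable is an unsafe action reachable through a privilege the caller was never meant to have.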
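The two Apache Cassandra entries above (CVE-2025-23015 and CVE-2025-26467) describe the core CWE-267 shape: a broad grant (MODIFY on all keyspaces) that silently covers a system-internal resource, so a user holding it can perform an action (becoming superuser) the grant was never meant to allow. The following added example models that pattern in a toy authorization checker; it is hypothetical and is not Cassandra's code or authorization model. The resource tree, the `data/system_auth` name and the "flip your own superuser flag" action are assumptions chosen for illustration, since the page does not name the system resource involved.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterator, Set

# Hypothetical resource tree: "data" is the wildcard parent of every keyspace.
ALL_DATA = "data"
# Assumption: the resource holding role definitions (including superuser flags).
SYSTEM_RESOURCES: Set[str] = {"data/system_auth"}


@dataclass
class Role:
    name: str
    superuser: bool = False
    grants: Dict[str, Set[str]] = field(default_factory=dict)  # resource -> permissions


def _parents(resource: str) -> Iterator[str]:
    """Yield the resource itself, then each ancestor up to the root ("data")."""
    parts = resource.split("/")
    for i in range(len(parts), 0, -1):
        yield "/".join(parts[:i])


def has_permission_unsafe(role: Role, perm: str, resource: str) -> bool:
    """Unsafe check: a grant on any ancestor covers every descendant, so a
    wildcard MODIFY on "data" also covers the system resource that defines
    roles. That is the privilege-with-unsafe-actions defect."""
    if role.superuser:
        return True
    return any(perm in role.grants.get(r, set()) for r in _parents(resource))


def has_permission_safe(role: Role, perm: str, resource: str) -> bool:
    """Hardened check: system resources are carved out of wildcard inheritance
    and require an explicit grant on that exact resource (or superuser)."""
    if role.superuser:
        return True
    if resource in SYSTEM_RESOURCES:
        return perm in role.grants.get(resource, set())
    return any(perm in role.grants.get(r, set()) for r in _parents(resource))


def try_self_promote(role: Role, check: Callable[[Role, str, str], bool]) -> bool:
    """Simulated unsafe action: if the checker lets this role MODIFY the
    role-definition resource, it rewrites its own superuser flag."""
    if check(role, "MODIFY", "data/system_auth"):
        role.superuser = True
    return role.superuser


def demo() -> Dict[str, bool]:
    """Same grant, both checkers: the wildcard writer escalates under the
    unsafe check and stays a plain writer under the hardened one, while
    ordinary application writes keep working in both."""
    def writer() -> Role:
        return Role("app_writer", grants={ALL_DATA: {"MODIFY"}})

    return {
        "unsafe_escalates": try_self_promote(writer(), has_permission_unsafe),
        "safe_escalates": try_self_promote(writer(), has_permission_safe),
        "safe_allows_app_write": has_permission_safe(writer(), "MODIFY", "data/app/orders"),
        "safe_blocks_system_write": has_permission_safe(writer(), "MODIFY", "data/system_auth"),
    }


if __name__ == "__main__":
    print(demo())
```

When auditing a product for this weakness class, the question to ask of every coarse or wildcard privilege is which resources it reaches that can change who holds privileges; those resources need their own explicit grant, not inheritance from a wildcard.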
Map vulnerabilities like CWE-267 to your infrastructure
EchelonGraph correlates every CVE — across CWE-267 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.