CWE-267
AllowedPrivilege Defined With Unsafe Actions
Abstraction: Base · Status: Incomplete
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
102 vulnerabilities reference this CWE, most recent first.
GHSA-5RMQ-JGFJ-9PH2
Vulnerability from github – Published: 2025-10-21 21:33 – Updated: 2025-10-21 21:33Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
{
"affected": [],
"aliases": [
"CVE-2025-62641"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-21T20:20:55Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
"id": "GHSA-5rmq-jgfj-9ph2",
"modified": "2025-10-21T21:33:44Z",
"published": "2025-10-21T21:33:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62641"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-64FP-9M6R-66H4
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
{
"affected": [],
"aliases": [
"CVE-2024-8539"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T17:15:11Z",
"severity": "HIGH"
},
"details": "Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.",
"id": "GHSA-64fp-9m6r-66h4",
"modified": "2024-11-12T18:30:57Z",
"published": "2024-11-12T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8539"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6CCM-42M4-9QFP
Vulnerability from github – Published: 2024-08-28 18:31 – Updated: 2024-08-28 18:31A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device.
This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.
{
"affected": [],
"aliases": [
"CVE-2024-20411"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-28T17:15:09Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to\u0026nbsp;execute arbitrary code as root on an affected device.\n\nThis vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.",
"id": "GHSA-6ccm-42m4-9qfp",
"modified": "2024-08-28T18:31:54Z",
"published": "2024-08-28T18:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20411"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PV9-8VP3-8Q9Q
Vulnerability from github – Published: 2023-04-25 21:30 – Updated: 2023-04-25 21:30A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2021-44547"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-25T19:15:09Z",
"severity": "HIGH"
},
"details": "A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.",
"id": "GHSA-6pv9-8vp3-8q9q",
"modified": "2023-04-25T21:30:28Z",
"published": "2023-04-25T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44547"
},
{
"type": "WEB",
"url": "https://github.com/odoo/odoo/issues/107696"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6R2P-HGF3-6JMR
Vulnerability from github – Published: 2025-10-21 21:33 – Updated: 2025-10-21 21:33Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
{
"affected": [],
"aliases": [
"CVE-2025-62289"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-21T20:20:53Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-6r2p-hgf3-6jmr",
"modified": "2025-10-21T21:33:44Z",
"published": "2025-10-21T21:33:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62289"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-729M-5X6M-WWXV
Vulnerability from github – Published: 2026-04-20 21:31 – Updated: 2026-04-21 21:31In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks privilege/virtualization isolation and can lead to denial of service or privilege-boundary violation in environments relying on NEMU for correct interrupt virtualization.
{
"affected": [],
"aliases": [
"CVE-2026-29646"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-20T21:16:19Z",
"severity": "CRITICAL"
},
"details": "In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks privilege/virtualization isolation and can lead to denial of service or privilege-boundary violation in environments relying on NEMU for correct interrupt virtualization.",
"id": "GHSA-729m-5x6m-wwxv",
"modified": "2026-04-21T21:31:21Z",
"published": "2026-04-20T21:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29646"
},
{
"type": "WEB",
"url": "https://github.com/OpenXiangShan/NEMU/issues/951"
},
{
"type": "WEB",
"url": "https://github.com/OpenXiangShan/NEMU/pull/938"
},
{
"type": "WEB",
"url": "https://github.com/OpenXiangShan/NEMU/pull/938/commits/55295c46580456d8d5a9d5736e1fda924b8825ab"
},
{
"type": "WEB",
"url": "https://docs.riscv.org/reference/isa/priv/hypervisor.html"
},
{
"type": "WEB",
"url": "https://docs.riscv.org/reference/isa/priv/machine.html"
},
{
"type": "WEB",
"url": "https://docs.riscv.org/reference/isa/priv/supervisor.html"
},
{
"type": "WEB",
"url": "https://docs.riscv.org/reference/isa/unpriv/zicsr.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76FP-M4VP-HXRQ
Vulnerability from github – Published: 2025-09-29 18:33 – Updated: 2025-11-05 00:31VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
{
"affected": [],
"aliases": [
"CVE-2025-41244"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-29T17:15:30Z",
"severity": "HIGH"
},
"details": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.",
"id": "GHSA-76fp-m4vp-hxrq",
"modified": "2025-11-05T00:31:28Z",
"published": "2025-09-29T18:33:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41244"
},
{
"type": "WEB",
"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
},
{
"type": "WEB",
"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78Q7-W9GC-QFGH
Vulnerability from github – Published: 2022-12-13 15:30 – Updated: 2024-04-04 03:13Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
{
"affected": [],
"aliases": [
"CVE-2022-38124"
],
"database_specific": {
"cwe_ids": [
"CWE-267",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T14:15:00Z",
"severity": "MODERATE"
},
"details": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.",
"id": "GHSA-78q7-w9gc-qfgh",
"modified": "2024-04-04T03:13:30Z",
"published": "2022-12-13T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38124"
},
{
"type": "WEB",
"url": "https://www.secomea.com/support/cybersecurity-advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7M27-3587-83XF
Vulnerability from github – Published: 2021-10-21 17:46 – Updated: 2021-10-20 15:06A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10170"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-20T15:06:01Z",
"nvd_published_at": "2020-05-08T14:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.",
"id": "GHSA-7m27-3587-83xf",
"modified": "2021-10-20T15:06:01Z",
"published": "2021-10-21T17:46:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10170"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Privilege Defined With Unsafe Actions in Keycloak"
}
GHSA-7PM2-436M-JFF6
Vulnerability from github – Published: 2023-04-25 21:30 – Updated: 2023-04-25 21:30A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
{
"affected": [],
"aliases": [
"CVE-2021-23166"
],
"database_specific": {
"cwe_ids": [
"CWE-267",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-25T19:15:09Z",
"severity": "HIGH"
},
"details": "A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.",
"id": "GHSA-7pm2-436m-jff6",
"modified": "2023-04-25T21:30:28Z",
"published": "2023-04-25T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23166"
},
{
"type": "WEB",
"url": "https://github.com/odoo/odoo/issues/107687"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.
CAPEC-634: Probe Audio and Video Peripherals
The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.
CAPEC-637: Collect Data from Clipboard
The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized.
CAPEC-643: Identify Shared Files/Directories on System
An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.
CAPEC-648: Collect Data from Screen Capture
An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks.