CWE-273 · Improper Check for Dropped Privileges
16 CVEs classified under CWE-273 (Improper Check for Dropped Privileges).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-6972 | Critical | 9.8 | 2017-03-22 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka Ali… |
| CVE-2026-32107 | High | 8.8 | 2026-04-17 | xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop proce… |
| CVE-2025-27396 | High | 8.8 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of pri… |
| CVE-2026-21882 | High | 8.4 | 2026-03-02 | theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping a… |
| CVE-2026-0099 | High | 7.8 | 2026-06-01 | In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could l… |
| CVE-2024-38813 | High | 7.5 | 2024-09-17 | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to esc… |
| CVE-2026-44073 | Medium | 5.0 | 2026-05-21 | Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain e… |
| CVE-2025-62175 | Medium | 4.3 | 2025-10-13 | Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user accoun… |
| CVE-2023-0657 | Low | 3.4 | 2024-11-17 | A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated a… |
| CVE-2025-1003 | | | 2025-02-03 | A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privi… |
| CVE-2023-5369 | | | 2023-10-04 | Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectiv… |
| CVE-2022-0358 | | | 2022-08-29 | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest use… |
| CVE-2021-37839 | | | 2022-07-06 | Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata includ… |
| CVE-2021-3982 | | | 2022-04-29 | Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take ad… |
| CVE-2021-36372 | | | 2021-11-19 | In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users… |
| CVE-2015-0278 | | | 2015-05-18 | libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. |