Description
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
Extended Description
If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.
CVE vulnerabilities with CWE-273 (46)
10.0
CVSS
HIGH
CVE-2015-0278
pub. 2015-05-18
9.8
CVSS
CRITICAL
CVE-2023-34844
pub. 2023-06-29
9.8
CVSS
CRITICAL
CVE-2021-36372
pub. 2021-11-19
9.8
CVSS
CRITICAL
CVE-2020-24361
pub. 2020-08-16
9.8
CVSS
CRITICAL
CVE-2011-2921
pub. 2019-11-19
9.8
CVSS
CRITICAL
CVE-2011-3350
pub. 2019-11-19
9.8
CVSS
CRITICAL
CVE-2012-1187
pub. 2019-10-29
9.8
CVSS
CRITICAL
CVE-2017-6972
pub. 2017-03-22
8.8
CVSS
HIGH
CVE-2026-32107
pub. 2026-04-17
8.8
CVSS
HIGH
CVE-2024-8382
pub. 2024-09-03
8.8
CVSS
HIGH
CVE-2020-14298
pub. 2020-07-13
8.8
CVSS
HIGH
CVE-2020-14300
pub. 2020-07-13
8.7
CVSS
HIGH
CVE-2025-27396
pub. 2025-03-11
8.5
CVSS
HIGH
CVE-2025-1003
pub. 2025-02-04
8.4
CVSS
HIGH
CVE-2026-21882
pub. 2026-03-02
8.1
CVSS
HIGH
CVE-2018-16466
pub. 2018-10-30
7.8
CVSS
HIGH
CVE-2026-0099
pub. 2026-06-01
7.8
CVSS
HIGH
CVE-2023-34322
pub. 2024-01-05
7.8
CVSS
HIGH
CVE-2023-35692
pub. 2023-07-14
7.8
CVSS
HIGH
CVE-2022-0358
pub. 2022-08-29
Showing 20 of 46 vulnerabilities