CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,829 vulnerabilities with CWE-269
CVE-2024-0003 CRITICAL
FlashArray Purity 5.3.17-5.3.20 - Privilege Escalation via Remote Administrative Service
CVSS 9.1
CVE-2024-41228 HIGH
AliyunContainerService pouch <1.3.1 - Privilege Escalation
CVSS 7.6
CVE-2024-34331 CRITICAL
Parallels Desktop for Mac <19.3.0 - Privilege Escalation
CVSS 9.8
CVE-2024-8853 CRITICAL
Webo-facto <= 1.40 - Unauthenticated Privilege Escalation via Username Manipulation
CVSS 9.8
CVE-2024-47000 HIGH
Zitadel < 2.54.10 and 2.62.0-2.62.1 - Improper Privilege Management in Service Account Deactivation
CVSS 8.1
CVE-2024-46999 HIGH
Zitadel < 2.54.10 and 2.62.0 - Improper Privilege Management in User Grants Deactivation
CVSS 7.3
CVE-2024-45752 HIGH
logiops <= 0.3.4 - Privilege Escalation via Unrestricted D-Bus Service
CVSS 8.5
CVE-2024-46989 LOW
spicedb < 1.35.3 - Improper Privilege Management via Caveated Indirect Subject Types
CVSS 3.7
CVE-2024-45496 CRITICAL
OpenShift Controller Manager - Privilege Escalation via Crafted .gitconfig File
CVSS 9.9
CVE-2024-44147 MEDIUM
iPadOS < 18.0 - Unauthorized Local Network Access via State Management Issue
CVSS 5.5
CVE-2024-40861 HIGH
macOS Sequoia <15 - Privilege Escalation
CVSS 7.8
CVE-2024-42798 HIGH
Kashipara Music Management System <1.0 - Privilege Escalation
CVSS 7.6
CVE-2024-6482 HIGH
WordPress <1.7.49 - Privilege Escalation
CVSS 8.8
CVE-2024-8246 HIGH
WordPress <=2.8.11 - Privilege Escalation
CVSS 8.8
CVE-2024-29779 HIGH
Google Android - Privilege Escalation
CVSS 7.8
CVE-2024-7960 CRITICAL
Rockwell Automation Pavilion8 < 6.0 - Improper Privilege Management
CVSS 9.1
CVE-2024-8533 HIGH
Rockwell Automation - Privilege Escalation
CVSS 8.8
CVE-2024-7890 HIGH
Citrix Workspace < 2203.1 and < 2405 - Local Privilege Escalation
CVSS 7.3
CVE-2024-5760 HIGH
Samsung Universal Print Driver - Privilege Escalation
CVSS 7.8
CVE-2024-8306 HIGH
Vijeo Designer < 6.3 - Authenticated Privilege Escalation via Binary Tampering
CVSS 7.8
CVE-2024-40662 HIGH
Android - Local Privilege Escalation via Malformed Uri Object
CVSS 7.8
CVE-2024-40658 HIGH
SoftVideoDecoderOMXComponent - Memory Corruption
CVSS 7.8
CVE-2024-40657 HIGH
Android - Local Privilege Escalation via Confused Deputy in AccountTypePreferenceLoader
CVSS 7.8
CVE-2024-44893 CRITICAL
JimuReport <1.7.8 - Privilege Escalation
CVSS 9.8
CVE-2024-38014 HIGH KEV
Microsoft Windows Installer - Elevation of Privilege
CVSS 7.8