CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,829 vulnerabilities with CWE-269
CVE-2024-37980 (HIGH, CVSS 8.8): Microsoft SQL Server 2016-2022 Privilege Escalation
CVE-2024-39574 (MEDIUM, CVSS 6.7): Dell PowerScale InsightIQ 5.1 - Denial of Service via Improper Privilege Management
CVE-2024-45041 (HIGH, CVSS 8.3): External Secrets Operator - Privilege Escalation
CVE-2024-7493 (CRITICAL, CVSS 9.8): WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Registration
CVE-2024-8247 (HIGH, CVSS 8.8): WordPress Newsletters <4.9.9.2 - Privilege Escalation
CVE-2024-45173 (HIGH, CVSS 8.8): za-internet C-MOR Video Surveillance 5.2401 - Privilege Escalation
CVE-2024-45058 (HIGH, CVSS 8.1): i-Educar <2.9 - Privilege Escalation
CVE-2024-4555 (HIGH, CVSS 7.7): OpenText NetIQ Access Manager < 5.0.4.1 and < 5.1 - User Account Impersonation
CVE-2024-42774 (HIGH, CVSS 7.5): Kashipara Hotel Management System <1.0 - Info Disclosure
CVE-2024-36439 (CRITICAL, CVSS 9.4): Swissphone DiCal-RED 4009 - Info Disclosure
CVE-2024-33656 (HIGH, CVSS 7.8): AMI Aptio V 5.0-5.35 - Privilege Escalation via SmmComputrace DXE Module
CVE-2024-43403 (HIGH, CVSS 8.8): Kanister - Privilege Escalation via ClusterRole Binding
CVE-2024-33872 (CRITICAL, CVSS 9.8): Keyfactor Command <10.5.1, <11.5.1 - SQL Injection
CVE-2024-43311 (CRITICAL, CVSS 9.8): Geek Code Lab Login As Users <1.4.2 - Privilege Escalation
CVE-2024-43245 (CRITICAL, CVSS 9.8): eyecix JobSearch <2.3.4 - Privilege Escalation
CVE-2024-43401 (CRITICAL, CVSS 9.0): XWiki Platform < 15.10-rc-1 - Unauthenticated Privilege Escalation via WYSIWYG Editor Payload
CVE-2024-44076 (CRITICAL, CVSS 9.8): microcks < 1.10.0 - Improper Privilege Management in Import/Export Endpoints
CVE-2024-42995 (HIGH, CVSS 8.3): VTiger CRM <= 8.1.0 - Privilege Escalation
CVE-2024-34743 (HIGH, CVSS 7.8): SurfaceFlinger - Privilege Escalation
CVE-2024-34741 (HIGH, CVSS 7.8): Android - Local Privilege Escalation via Lock Screen Visibility Logic Error
CVE-2024-42440 (MEDIUM, CVSS 6.2): Zoom Workplace Desktop App <6.1.5 - Privilege Escalation
CVE-2024-21807 (HIGH, CVSS 8.8): Intel(R) Ethernet Network Controllers <28.3 - Privilege Escalation
CVE-2024-43121 (CRITICAL, CVSS 9.1): realmag777 HUSKY <1.3.6.1 - Privilege Escalation
CVE-2024-41903 (MEDIUM, CVSS 6.6): SINEC Traffic Analyzer < 2.0 - Unauthorized Filesystem Modification via Container Root Mount
CVE-2024-27442 (HIGH, CVSS 7.8): Zimbra Collaboration 9.0-10.0 - Privilege Escalation