CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,829 vulnerabilities with CWE-269
CVE-2024-42366 CRITICAL
VRCX < 2024.03.23 - Remote Code Execution via CefSharp Browser Over-Permission and XSS
CVSS 9.0
CVE-2024-22069 HIGH
ZTE ZXV10 XT802/ET301 - Privilege Escalation
CVSS 7.1
CVE-2024-43199 HIGH
Nagios NDOUtils <2.1.4 - Privilege Escalation
CVSS 7.8
CVE-2024-6359 MEDIUM
OpenText ArcSight Intelligence - Privilege Escalation
CVSS 6.4
CVE-2024-7291 HIGH
JetFormBuilder <3.3.4.1 - Privilege Escalation
CVSS 7.2
CVE-2024-33894 HIGH
Ewon Cosy+ Firmware 21.x < 21.2s10 and 22.x < 22.1s3 - Insecure Permission Assignment
CVSS 8.8
CVE-2024-27181 HIGH
Apache Linkis <=1.5.0 - Privilege Escalation
CVSS 8.8
CVE-2024-22278 MEDIUM
Harbor <v2.9.5-<v2.10.3 - Privilege Escalation
CVSS 6.4
CVE-2024-41949 LOW
biscuit-auth < 5.0.0 - Improper Privilege Management via Third-Party Block Request Forgery
CVSS 3.0
CVE-2024-39634 HIGH
IdeaBox PowerPack Pro for Elementor <2.10.14 - Privilege Escalation
CVSS 8.8
CVE-2024-39633 HIGH
IdeaBox PowerPack for Beaver Builder <2.33.0 - Privilege Escalation
CVSS 8.8
CVE-2024-38775 HIGH
WebAppick CTX Feed <6.5.6 - Privilege Escalation
CVSS 7.2
CVE-2024-38770 CRITICAL
Revmakx Backup and Staging <1.22.20 - Privilege Escalation
CVSS 9.8
CVE-2024-40802 HIGH
macOS 12.0-12.7.5, 13.0-13.6.7, 14.0-14.5 - Local Privilege Escalation
CVSS 7.8
CVE-2024-40781 HIGH
macOS 12.0-12.7.5, 13.0-13.6.7, 14.0-14.5 - Local Privilege Escalation
CVSS 7.8
CVE-2024-27826 HIGH
macOS Ventura <13.6.8 - Code Injection
CVSS 7.8
CVE-2024-37858 CRITICAL
Lost and Found Information System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-42050 HIGH
Splashtop Streamer < 3.7.0.0 - Privilege Escalation via Weak MSI Installer Folder Permissions
CVSS 7.0
CVE-2024-27357 MEDIUM
WithSecure <23.x - Privilege Escalation
CVSS 5.8
CVE-2024-41666 MEDIUM
Argo CD 2.6.0-2.9.21 - Privilege Escalation via Web Terminal Permission Revocation Bypass
CVSS 4.7
CVE-2024-1575 MEDIUM
Zyxel NWA and WAX Series Firmware < 7.00 - Authenticated Privilege Escalation via Configuration Download
CVSS 6.5
CVE-2024-24970 MEDIUM
HP Display Control - Privilege Escalation
CVSS 6.5
CVE-2024-6908 MEDIUM
Yugabyte Platform - Privilege Escalation
CVE-2024-30473 MEDIUM
Dell ECS < 3.8.1.1 - Privilege Escalation in User Management
CVSS 4.9
CVE-2024-21141 HIGH
Oracle VM VirtualBox < 7.0.20 - Privilege Escalation in Core Component
CVSS 8.2