CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,830 vulnerabilities with CWE-269
CVE-2024-23710 HIGH
Android - Local Privilege Escalation via InstallPackageHelper Logic Error
CVSS 7.8
CVE-2024-0024 HIGH
Android - Improper Privilege Management in UserManagerService
CVSS 7.8
CVE-2024-29210 LOW
Phish Alert Button for Outlook - Privilege Escalation
CVSS 2.8
CVE-2024-29150 HIGH
Alcatel-Lucent ALE NOE deskphones <86x8_NOE-R300.1.40.12.4180 - Pri...
CVSS 8.8
CVE-2024-20021 MEDIUM
Android - Local Privilege Escalation via Physical Memory Remapping
CVSS 6.7
CVE-2024-33398 HIGH
piraeus-operator <= 2.5.0 - Improper Privilege Management via ClusterRole Secrets Access
CVSS 7.5
CVE-2024-34146 MEDIUM
Jenkins Git server Plugin <114.v068a_c7cc2574 - Privilege Escalation
CVSS 6.5
CVE-2024-33393 MEDIUM
spidernet-io spiderpool <0.9.3 - RCE
CVSS 6.2
CVE-2024-23457 HIGH
Zscaler Client Connector <4.2.0.209 - Info Disclosure
CVSS 7.8
CVE-2024-33775 CRITICAL
Nagios XI 2024R1.01 - Privilege Escalation via Autodiscover Dashlet
CVSS 9.8
CVE-2024-33308 CRITICAL
TVS Motor Company Limited TVS Connet <5.0.0 - Privilege Escalation
CVSS 9.1
CVE-2024-33522 MEDIUM
Calico < 3.26.5 - Improper Privilege Management
CVSS 6.7
CVE-2024-27518 HIGH
SUPERAntiSpyware Professional X 10.0.1262-10.0.1264 - Privilege Escalation
CVSS 7.8
CVE-2024-31502 HIGH
Insurance Management System <1.0.0 - Privilege Escalation
CVSS 8.1
CVE-2024-25343 CRITICAL
Tenda N300 F3 - Privilege Escalation
CVSS 9.1
CVE-2024-28241 HIGH
glpi_agent < 1.7.2 - Privilege Escalation via DLL Modification
CVSS 7.3
CVE-2024-32418 CRITICAL
flusity CMS 2.33 - Remote Code Execution via add_addon.php
CVSS 9.8
CVE-2024-4018 HIGH
BeyondTrust U-Series <4.0.3 - Privilege Escalation
CVSS 8.8
CVE-2024-4017 HIGH
BeyondTrust U-Series <4.0.3 - Privilege Escalation
CVSS 8.8
CVE-2024-3470 MEDIUM
GitHub Enterprise Server 3.11.0-3.11.7 - Improper Privilege Management via Deploy Key Ruleset Bypass
CVSS 5.9
CVE-2024-21989 HIGH
ONTAP Select Deploy <9.14.1.x - Privilege Escalation
CVSS 8.1
CVE-2024-21121 MEDIUM
Oracle VM VirtualBox < 7.0.16 - Unauthorized Data Access via Core Component
CVSS 6.5
CVE-2024-21118 MEDIUM
Oracle Outside In Technology 8.5.6 and 8.5.7 - Improper Privilege Management in Outside In Core
CVSS 5.3
CVE-2024-21111 HIGH
Oracle VM VirtualBox < 7.0.16 - Privilege Escalation via Core Component
CVSS 7.8
CVE-2024-21101 LOW
MySQL Cluster <= 7.5.33, <= 7.6.29, <= 8.0.36, 8.3.0 - Unauthorized Data Access via Network Protocols
CVSS 2.2