CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,830 vulnerabilities with CWE-269
CVE-2024-21059 HIGH
Oracle Solaris 11 - Privilege Escalation in Utility Component
CVSS 7.8
CVE-2024-21034 MEDIUM
Oracle Complex Maintenance, Repair, and Overhaul 12.2.3-12.2.13 - Unauthenticated Improper Privilege Management in LOV
CVSS 6.1
CVE-2024-32003 HIGH
wn-dusk-plugin < 2.1.0 - Unauthenticated Privilege Escalation via Dusk Login Route
CVSS 8.8
CVE-2024-3388 MEDIUM
Palo Alto Networks PAN-OS - Privilege Escalation
CVSS 4.1
CVE-2024-29052 HIGH
Windows 10/11, Server 2022 Elevation of Privilege in Storage
CVSS 7.8
CVE-2024-28905 HIGH
Windows Server 2022 23H2 < 10.0.25398.830 - Elevation of Privilege in Brokering File System
CVSS 7.8
CVE-2024-28904 HIGH
Windows Server 2022 23H2 < 10.0.25398.830 - Elevation of Privilege in Brokering File System
CVSS 7.8
CVE-2024-21324 HIGH
Microsoft Defender for IoT < 24.1.3 - Elevation of Privilege
CVSS 7.2
CVE-2024-0082 HIGH
NVIDIA ChatRTX < 0.2.1 - Privilege Escalation via Open File Request
CVSS 8.2
CVE-2024-29741 HIGH
pblS2mpuResume - Privilege Escalation
CVSS 7.8
CVE-2024-31498 HIGH
Yubico ykman-gui <1.2.6 - Privilege Escalation
CVSS 8.8
CVE-2024-20282 MEDIUM
Cisco Nexus Dashboard - Privilege Escalation
CVSS 6.0
CVE-2024-0172 HIGH
Dell PowerEdge Server BIOS < 1.5.6 - Unauthenticated Privilege Escalation
CVSS 7.9
CVE-2024-3137 HIGH
uvdesk/community-skeleton - Privilege Escalation
CVSS 7.1
CVE-2024-29667 CRITICAL
Tongtianxing Technology Co., Ltd CMSV6 <7.31.0.3 - SQL Injection
CVSS 9.8
CVE-2024-23537 HIGH
Apache Fineract < 1.9.0 - Improper Privilege Management
CVSS 8.4
CVE-2024-25961 MEDIUM
Dell PowerScale OneFS 8.2.2.x-9.7.0.x - Privilege Escalation
CVSS 6.0
CVE-2024-28247 HIGH
Pi-hole < 5.18 - Authenticated Arbitrary File Read via Adlist Local File Update
CVSS 7.6
CVE-2024-1973 HIGH
Content Manager - Privilege Escalation
CVSS 8.5
CVE-2024-24892 HIGH
openEuler migration-tools <1.0.1 - Command Injection
CVSS 8.1
CVE-2024-26247 MEDIUM
Microsoft Edge < 123.0.2420.53 - Security Feature Bypass
CVSS 4.7
CVE-2024-2228 HIGH
Lifecycle Manager - Privilege Escalation
CVSS 7.1
CVE-2024-1908 MEDIUM
GitHub Enterprise Server <3.12 - Privilege Escalation
CVSS 6.3
CVE-2024-2390 HIGH
Nessus Plugin - Privilege Escalation
CVSS 7.8
CVE-2024-28851 MEDIUM
snowflake_hive_metastore_connector < 2024-02-09 - Privilege Escalation via Helper Script
CVSS 4.0