The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,830 vulnerabilities with CWE-269
CVE-2024-27301
HIGH
Support App 2.3.1-2.5.1 - Privilege Escalation via .zshenv in Postinstall Script
CVSS 7.3
CVE-2024-28391
CRITICAL
FME Modules quickproducttable < 1.3.0 - SQL Injection and Privilege Escalation via readCsv() and displayAjax Methods
CVSS 9.8
CVE-2024-2433
MEDIUM
Palo Alto Networks Panorama - Privilege Escalation
CVSS 4.3
CVE-2024-2432
MEDIUM
Palo Alto Networks GlobalProtect < - Privilege Escalation
CVSS 4.5
CVE-2024-2431
MEDIUM
Palo Alto Networks GlobalProtect - Privilege Escalation
CVSS 5.5
CVE-2024-20262
MEDIUM
Cisco IOS XR - Privilege Escalation
CVSS 6.5
CVE-2024-1505
HIGH
Academy LMS < 1.9.19 - Authenticated Privilege Escalation via User Meta Update
CVSS 8.8
CVE-2024-1138
HIGH
TIBCO FTL - Enterprise Edition <6.10.1 - Privilege Escalation
CVSS 8.8
CVE-2024-26169
HIGH
KEV
Windows Error Reporting Service - Elevation of Privilege
CVSS 7.8
CVE-2024-28197
HIGH
Zitadel < 2.44.3 - Session Hijacking via Subdomain Cookie Access
CVSS 7.5
CVE-2024-27233
HIGH
Android - Local Privilege Escalation via Uninitialized Data in ppcfw_init_secpolicy
CVSS 7.8
CVE-2024-27224
HIGH
Android - Local Privilege Escalation via strncpy Bounds Check Bypass
CVSS 7.8
CVE-2024-27222
HIGH
Android - Local Privilege Escalation via Intent Redirect GRANT_URI_PERMISSIONS Attack
CVSS 7.8
CVE-2024-27210
HIGH
Android - Local Privilege Escalation via Missing Bounds Check in fvp.c policy_check
CVSS 7.8
CVE-2024-27207
CRITICAL
Android - Improper Privilege Management via Exported Broadcast Receivers
CVSS 9.1
CVE-2024-25990
MEDIUM
Android - Local Privilege Escalation via Race Condition in pktproc_perftest_gen_rx_packet_sktbuf_mode
CVSS 6.4
CVE-2024-25987
MEDIUM
Android - Local Privilege Escalation via pt_sysctl_command Bounds Check Bypass
CVSS 6.7
CVE-2024-22008
HIGH
Google Android - Out-of-Bounds Write in tmu.c
CVSS 7.8
CVE-2024-0049
HIGH
Android - Local Privilege Escalation via Heap Buffer Overflow
CVSS 7.8
CVE-2024-0046
HIGH
Android - Local Privilege Escalation via InstallPackageHelper Logic Error
CVSS 7.8
CVE-2024-23276
HIGH
macOS < 12.7.4, < 13.6.5, < 14.4 - Privilege Escalation
CVSS 7.8
CVE-2024-23253
LOW
macOS < 14.4 - Unprotected User Data Exposure via Photos Library Permissions
CVSS 3.3
CVE-2024-22752
HIGH
EaseUS MobiMover <6.0.5 - Privilege Escalation
CVSS 8.1
CVE-2024-1442
MEDIUM
Grafana 8.5.0-9.5.6 - Improper Privilege Management via Data Source UID Manipulation
CVSS 6.0
CVE-2024-2005
CRITICAL
Blue Planet Inventory < 22.12 - Privilege Escalation via SAML Misconfiguration
CVSS 9.0
Details
Vulnerabilities: 2,830
Exploit Likelihood: Medium