CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,830 vulnerabilities with CWE-269
CVE-2024-22922 CRITICAL
Projectworlds Visitor Management System <1.0 - Privilege Escalation
CVSS 9.8
CVE-2024-0751 HIGH
Firefox < 122 and Firefox ESR < 115.7 - Privilege Escalation via Malicious DevTools Extension
CVSS 8.8
CVE-2024-21638 CRITICAL
Azure IPAM < 3.0.0 - Unauthenticated Privilege Escalation via Token Validation Bypass
CVSS 9.1
CVE-2024-21622 MEDIUM
Craft CMS 3.0.0-3.9.5 and 4.0.0-RC1-4.4.15 - Privilege Escalation
CVSS 5.4
CVE-2023-7343 HIGH
Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File
CVSS 7.8
CVE-2023-7342 HIGH
Belden HiSecOS Web Server Privilege Escalation
CVSS 8.8
CVE-2023-53908 HIGH
HiSecOS 04.0.01 - Privilege Escalation
CVSS 8.8
CVE-2023-50450 HIGH
Sensopart Visor Vision Sensors Firmware < 2.10.0.2 - Improper Privilege Management
CVSS 8.4
CVE-2023-32197 MEDIUM
Rancher 2.7.0-2.7.13 and 2.8.0-2.8.4 - Privilege Escalation via RoleTemplate External Setting
CVSS 6.6
CVE-2023-41076 HIGH
macOS < 14.0 - Privilege Escalation
CVSS 7.3
CVE-2023-38614 MEDIUM
iPadOS < 17.0 - Unprotected User Data Exposure via Permissions Issue
CVSS 4.3
CVE-2023-32196 MEDIUM
Rancher 2.7.0-2.7.13 and 2.8.0-2.8.4 - Privilege Escalation via RoleTemplate External Check Bypass
CVSS 6.6
CVE-2023-32194 HIGH
Rancher 2.6.0-2.6.13, 2.7.0-2.7.9, 2.8.0-2.8.1 - Improper Privilege Management in Global Role Assignment
CVSS 7.2
CVE-2023-22576 HIGH
Dell Repository Manager < 3.4.3 - Local Privilege Escalation via Installation Module
CVSS 7.0
CVE-2023-48171 HIGH
OWASP DefectDojo < 1.5.3.1 - Privilege Escalation via User Permissions Component
CVSS 8.8
CVE-2023-52209 HIGH
WPForms <2.1.0 - Privilege Escalation
CVSS 8.0
CVE-2023-50700 HIGH
Deepin dde-file-manager <6.0.54 - Privilege Escalation
CVSS 7.8
CVE-2023-4976 CRITICAL
PureStorage FlashBlade Privilege Escalation via Unintended Authentication
CVE-2023-21114 HIGH
Android - Local Privilege Escalation via Confused Deputy in Wifi Module
CVSS 7.8
CVE-2023-21113 HIGH
Android - Local Privilege Escalation via Confused Deputy
CVSS 7.8
CVE-2023-51776 HIGH
Jungo WinDriver <12.1.0 - Privilege Escalation
CVSS 7.8
CVE-2023-37058 CRITICAL
Jlink AX1800 1.0 - Privilege Escalation via Crafted Command
CVSS 9.8
CVE-2023-47837 HIGH
ARMember < 4.0.10 - Privilege Escalation
CVSS 8.3
CVE-2023-46810 HIGH
Ivanti Secure Access Client for Linux <22.7R1 - Privilege Escalation
CVSS 7.3
CVE-2023-43845 CRITICAL
Aten PE6208 <2.3.228-2.4.232 - Privilege Escalation
CVSS 9.8