CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,832 vulnerabilities with CWE-269
CVE-2023-37389 HIGH
SAASPROJECT Booking Package <1.5.98 - Privilege Escalation
CVSS 8.8
CVE-2023-32244 CRITICAL
XTemos Woodmart Core <1.0.36 - Privilege Escalation
CVSS 9.8
CVE-2023-26540 CRITICAL
Favethemes Houzez <2.7.1 - Privilege Escalation
CVSS 9.8
CVE-2023-26009 CRITICAL
Houzez Login Register <2.6.3 - Privilege Escalation
CVSS 9.8
CVE-2023-25701 CRITICAL
WhatArmy WatchTowerHQ <= 3.6.16 - Privilege Escalation
CVSS 9.8
CVE-2023-23990 HIGH
Qube One Ltd. Redirection - Privilege Escalation
CVSS 7.6
CVE-2023-45320 MEDIUM
Intel VTune Profiler < 2024.0 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2023-40155 MEDIUM
Intel(R) CST <2.1.10300 - Privilege Escalation
CVSS 6.7
CVE-2023-33327 HIGH
Leyka <3.30.2 - Privilege Escalation
CVSS 8.8
CVE-2023-7241 HIGH
Webroot Antivirus <9.0.35.12 - Privilege Escalation
CVSS 7.9
CVE-2023-51425 CRITICAL
Rencontre - Dating Site <3.10.1 - Privilege Escalation
CVSS 9.8
CVE-2023-38292 HIGH
TCL 20XE com.tct.gcs.hiddenmenuproxy v11.0.1.0.0201.0 - Unauthenticated Factory Reset via Broadcast Intent
CVSS 8.7
CVE-2023-52543 MEDIUM
HarmonyOS - Improper Privilege Management in System Module
CVSS 6.2
CVE-2023-52716 HIGH
Huawei EMUI and HarmonyOS - Denial of Service via ActivityManagerService Background Activity Start
CVSS 7.5
CVE-2023-49232 CRITICAL
Stilog Visual Planning 8 - Auth Bypass
CVSS 9.8
CVE-2023-40289 HIGH
Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 - Authenticated Privilege Escalation via Command Injection
CVSS 7.2
CVE-2023-41099 HIGH
Atos Eviden CardOS API <5.5.5.2811 - Privilege Escalation
CVSS 7.8
CVE-2023-47715 MEDIUM
IBM Storage Protect Plus 10.1.0-10.1.16 - Authenticated Privilege Escalation via HyperVisor Configuration Manipulation
CVSS 4.3
CVE-2023-48902 CRITICAL
TramyardG AutoExpress <1.3.0 - Privilege Escalation
CVSS 9.8
CVE-2023-50677 HIGH
NETGEAR DGND4000 Firmware 1.1.00.15_1.00.15 - Privilege Escalation via next_file Parameter
CVSS 8.8
CVE-2023-50726 MEDIUM
Argo CD 1.2.0-2.8.11, 2.9.0-2.9.7 - Improper Privilege Management via Local Sync Feature
CVSS 6.4
CVE-2023-38944 CRITICAL
Multilaser RE160V/RE163V <12.03.01.09-10 - Auth Bypass
CVSS 9.8
CVE-2023-7016 HIGH
Thales SafeNet Authentication Client < 10.8 R10 - Privilege Escalation to SYSTEM via Local Access
CVSS 7.8
CVE-2023-5993 HIGH
Thales SafeNet Authentication Client < 10.8 R10 - Privilege Escalation via Windows Installer
CVSS 7.8
CVE-2023-42952 MEDIUM
iPadOS < 17.1 - Improper Privilege Management
CVSS 4.4