CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,832 vulnerabilities with CWE-269
CVE-2023-48418 CRITICAL
Google Pixel Watch Firmware - Local Privilege Escalation via Insecure ADB Default Value
CVSS 10.0
CVE-2023-48419 CRITICAL
Google Nest Audio Firmware < 2.58 - Elevation of Privilege via WiFi Proximity
CVSS 10.0
CVE-2023-7080 HIGH
Cloudflare Wrangler 2.0.0-2.20.1 and 3.0.0-3.18.9 - Unauthenticated Remote Code Execution via V8 Inspector
CVSS 8.5
CVE-2023-51435 HIGH
Honor Magic UI < 6.1.0.212 - Improper Privilege Management
CVSS 7.1
CVE-2023-51433 LOW
Honor Magic UI < 6.1.0.212 - Improper Privilege Management
CVSS 2.9
CVE-2023-51430 MEDIUM
hihonor magic_ui < 6.1.0.212 - Improper Privilege Management
CVSS 4.4
CVE-2023-51429 MEDIUM
Honor MagicOS < 7.0.0.156 - Improper Privilege Management
CVSS 6.0
CVE-2023-23438 MEDIUM
Hihonor LGE-AN00 Firmware < 6.0.0.188 - Improper Privilege Management
CVSS 4.0
CVE-2023-23430 LOW
hihonor magichome < 7.60.10.303 - Improper Privilege Management
CVSS 3.3
CVE-2023-23429 MEDIUM
Honor MagicOS < 7.0.0.193 - Improper Privilege Management
CVSS 4.0
CVE-2023-23428 LOW
Honor MagicOS < 7.2.0.102 - Improper Privilege Management
CVSS 3.3
CVE-2023-23427 MEDIUM
Honor MagicOS < 7.1.0.74 - Improper Privilege Management
CVSS 4.0
CVE-2023-50267 MEDIUM
MeterSphere < 2.10.10 - Authenticated Improper Privilege Management
CVSS 4.3
CVE-2023-7090 MEDIUM
sudo < 1.8.28 - Privilege Mismanagement via ipa_hostname Propagation
CVSS 6.6
CVE-2023-51386 HIGH
Sandbox Accounts for Events - Info Disclosure
CVSS 7.8
CVE-2023-6804 MEDIUM
GitHub Enterprise Server 3.8.0-3.8.11 - Improper Privilege Management via Workflow Commit with Improperly Scoped PAT
CVSS 6.5
CVE-2023-46647 HIGH
GitHub Enterprise Server < 3.8.12 - Privilege Escalation
CVSS 8.0
CVE-2023-47267 CRITICAL
TheGreenBow VPN Client 6.52.004-6.52.005 and 6.87.001-6.87.107 - Privilege Escalation via Memory Mapped File
CVSS 9.8
CVE-2023-6793 LOW
Palo Alto Networks PAN-OS 9.1.0-9.1.16 - Authenticated XML API Key Revocation via Privilege Escalation
CVSS 2.7
CVE-2023-41119 HIGH
EnterpriseDB Postgres Advanced Server < 15.4.0 - Privilege Escalation
CVSS 8.8
CVE-2023-6507 MEDIUM
CPython 3.12.0 - Improper Privilege Management in subprocess extra_groups Parameter
CVSS 6.1
CVE-2023-48406 MEDIUM
Android - Denial of Service and Privilege Escalation via Modem Firmware Verification Logic Error
CVSS 6.7
CVE-2023-45083 MEDIUM
HyperCloud 1.0-<2.1.0 - Authenticated Privilege Escalation via Admin User Deletion
CVSS 4.2
CVE-2023-45253 HIGH
HuddlyCameraService < 8.0.7 - Privilege Escalation via RollingFileAppender.DeleteFile
CVSS 7.8
CVE-2023-6218 HIGH
MOVEit Transfer < 2022.0.9, 2022.1.10, 2023.0.7 - Privilege Escalation
CVSS 7.2