The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,833 vulnerabilities with CWE-269
CVE-2023-36765
HIGH
Microsoft Office - Privilege Escalation
CVSS 7.8
CVE-2023-35676
HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in SaveImageInBackgroundTask
CVSS 7.8
CVE-2023-35674
HIGH
KEV
Android - Local Privilege Escalation via WindowState Logic Error
CVSS 7.8
CVE-2023-35671
MEDIUM
Android - Local Information Disclosure via NFC Host Emulation
CVSS 5.5
CVE-2023-35667
HIGH
Android - Local Privilege Escalation via Notification Listener Settings Logic Error
CVSS 7.8
CVE-2023-20194
MEDIUM
Cisco Identity Services Engine - Authenticated Arbitrary File Read via ERS API
CVSS 4.9
CVE-2023-20193
MEDIUM
Cisco Identity Services Engine < 2.7 - Privilege Escalation & Arbitrary File Manipulation
CVSS 6.0
CVE-2023-41053
LOW
Redis <7.0.13,7.2.1 - Info Disclosure
CVSS 3.3
CVE-2023-30713
MEDIUM
Samsung Android One UI Home - Improper Privilege Management in FolderLockNotifier
CVSS 6.2
CVE-2023-32426
HIGH
macOS 13.0-13.2 - Privilege Escalation to Root
CVSS 7.8
CVE-2023-29166
HIGH
Pro Video Formats <2.2.5 - Privilege Escalation
CVSS 8.8
CVE-2023-40918
HIGH
KnowStreaming 3.3.0 - Privilege Escalation
CVSS 8.8
CVE-2023-36100
CRITICAL
IceCMS 2.0.1 - Privilege Escalation
CVSS 9.8
CVE-2023-4697
HIGH
memos < 0.13.2 - Improper Privilege Management
CVSS 8.8
CVE-2023-41743
HIGH
Acronis Cyber Protect and True Image OEM - Local Privilege Escalation via Insecure Driver Communication Port
CVSS 7.8
CVE-2023-31175
HIGH
SEL-5037 SEL Grid Configurator <4.5.0.20 - Privilege Escalation
CVSS 8.8
CVE-2023-3636
HIGH
WP Project Manager < 2.6.5 - Authenticated Privilege Escalation via User Role Modification
CVSS 8.8
CVE-2023-20266
MEDIUM
Cisco Emergency Responder, Unified CM, Unity Connection - Privilege Escalation via Crafted Upgrade File
CVSS 6.5
CVE-2023-32457
HIGH
Dell PowerScale OneFS 9.2.1.0-9.2.1.21 and 9.5.0.0-9.5.0.2 - Privilege Escalation
CVSS 7.5
CVE-2023-32559
HIGH
Node.js 16.x-20.x - Privilege Escalation via Policy Mechanism Bypass
CVSS 7.5
CVE-2023-4404
CRITICAL
Charitable < 1.7.0.12 - Unauthenticated Privilege Escalation via User Registration Role Parameter
CVSS 9.8
CVE-2023-38734
MEDIUM
IBM Robotic Process Automation <23.0.1 - Privilege Escalation
CVSS 6.6
CVE-2023-3699
HIGH
ASUSTOR Data Master 4.0.6.RIS1-4.2.2.RI61 - Unauthenticated Privilege Escalation via Storage Devices Configuration
CVSS 8.7
CVE-2023-25647
MEDIUM
ZTE Axon 30/40 Pro/40 Ultra, Nubia Z50 Firmware < 3.0.0b06/1.0.0b16/2.0.0b17/1.0.0b19mr - Privilege Escalation
CVSS 4.7
CVE-2023-32490
MEDIUM
Dell PowerScale OneFS 9.2.1.0-9.2.1.21 and 9.5.0.0-9.5.0.2 - Privilege Escalation
CVSS 6.7
Details
Vulnerabilities: 2,833
Exploit Likelihood: Medium