CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,835 vulnerabilities with CWE-269
CVE-2022-23296 HIGH
Windows Installer - Improper Privilege Management
CVSS 7.8
CVE-2022-25311 HIGH
SINEC NMS < 2.0 and SINEMA Server V14 - Authenticated Privilege Escalation via Session Privilege Check Bypass
CVSS 7.3
CVE-2022-24408 HIGH
SINUMERIK MC/V1.15 SP1, SINUMERIK ONE/V6.15 SP1 - Privilege Escalation
CVSS 7.8
CVE-2022-0441 CRITICAL
MasterStudy LMS <2.7.6 - Info Disclosure
CVSS 9.8
CVE-2022-25089 CRITICAL
Printix < 1.3.1106.0 - Privilege Escalation via UITasks.PersistentRegistryData
CVSS 9.8
CVE-2022-23921 HIGH
GE Proficy CIMPLICITY < 11.1 - Authenticated Local Privilege Escalation and Code Execution
CVSS 7.5
CVE-2022-25636 HIGH
Linux Kernel 5.4-5.6.10 - Privilege Escalation via nf_dup_netdev Heap Out-of-Bounds Write
CVSS 7.8
CVE-2022-25372 HIGH
pritunl-client-electron < 1.2.3019.52a - Local Privilege Escalation via CREATOR OWNER ACL
CVSS 7.8
CVE-2022-23604 HIGH
x26-cogs < 1.10.0 - Authenticated Privilege Escalation via Defender Cog
CVSS 8.8
CVE-2022-25150 HIGH
Malwarebytes Binisoft Windows Firewall Control < 6.8.1.0 - Privilege Escalation via Tools Tab
CVSS 7.8
CVE-2022-24927 MEDIUM
Samsung Video Player < 7.3.15.30 - Unauthenticated Arbitrary Video Execution
CVSS 4.2
CVE-2022-22509 HIGH
Phoenix Contact FL SWITCH Series 2xxx <3.00 - Privilege Escalation
CVSS 8.8
CVE-2022-21699 HIGH
IPython < 5.10.0 - Arbitrary Code Execution via Cross-User Temporary File Mismanagement
CVSS 8.2
CVE-2022-0090 MEDIUM
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Improper Privilege Management via Git Sub-Command Replacement References
CVSS 6.5
CVE-2022-21970 MEDIUM
Microsoft Edge < - Privilege Escalation
CVSS 6.1
CVE-2022-21902 HIGH
Windows DWM Core Library - Elevation of Privilege
CVSS 7.8
CVE-2022-0144 HIGH
shelljs < 0.8.5 - Improper Privilege Management
CVSS 7.1
CVE-2022-22266 MEDIUM
TencentWifiSecurity <SMR Jan-2022 Release 1 - Info Disclosure
CVSS 4.0
CVE-2022-22263 MEDIUM
SecSettings <SMR Jan-2022 Release 1 - Code Injection
CVSS 4.0
CVE-2021-43768 MEDIUM
Malwarebytes For Teams <1.0.1003 - Privilege Escalation
CVSS 5.3
CVE-2021-3978 HIGH
cloudflare/octorpki < 1.4.2 - Local Privilege Escalation via rsync suid Bit Handling
CVSS 7.5
CVE-2021-37942 HIGH
Elastic APM Java Agent 1.18.0-1.26.10 - Local Privilege Escalation via Malicious Plugin Attachment
CVSS 7.0
CVE-2021-37937 MEDIUM
Elasticsearch 7.13.0-7.13.9 - Privilege Escalation via Fleet-Server API Key Creation
CVSS 5.9
CVE-2021-26734 MEDIUM
Zscaler Client Connector < 3.4.0.124 - Privilege Escalation via Directory Junction Mishandling
CVSS 4.4
CVE-2021-35309 HIGH
Samsung SyncThru Web Service SPL <5.93 - Privilege Escalation
CVSS 7.5