CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,835 vulnerabilities with CWE-269
CVE-2021-28411 CRITICAL
RuoYi <3.4.0 - Privilege Escalation
CVSS 9.8
CVE-2021-42082 HIGH
QuantaStor < 6.0.0.355 - Local Privilege Escalation via qs_upgrade.py Task Parameter
CVSS 7.8
CVE-2021-46894 CRITICAL
Huawei EMUI - Use-After-Free in uinput Module
CVSS 9.8
CVE-2021-31937 HIGH
Microsoft Edge Chromium < 91.0.864.37 - Elevation of Privilege
CVSS 8.2
CVE-2021-3809 HIGH
HP PC BIOS - Arbitrary Code Execution in UEFI Firmware
CVSS 7.8
CVE-2021-3808 HIGH
HP PC BIOS - Arbitrary Code Execution in UEFI Firmware
CVSS 7.8
CVE-2021-3439 HIGH
HP 340 G3/G4, 346 G3/G4, 348 G3/G4, Elite Dragonfly, Elite x2, EliteBook Firmware - Improper Privilege Management
CVSS 7.8
CVE-2021-4314 MEDIUM
Zowe API Mediation Layer 1.16.0-1.18.9 - Improper Privilege Management via JWT Token Manipulation
CVSS 5.3
CVE-2021-3919 CRITICAL
HP Command Center and OMEN Gaming Hub - Privilege Escalation and Denial of Service
CVSS 9.8
CVE-2021-34579 HIGH
Phoenix Contact FL MGUARD DM 1.12.0 and 1.13.0 - Unauthenticated Sensitive Information Exposure via Apache Web Server
CVSS 7.5
CVE-2021-43076 MEDIUM
FortiADC <6.2.1-5.3.7 - Privilege Escalation
CVSS 6.3
CVE-2021-25657 HIGH
Avaya IP Office Admin Lite and USB Creator < 11.1 - Privilege Escalation
CVSS 7.8
CVE-2021-3020 HIGH
ClusterLabs Hawk <2.3.0-15 - Privilege Escalation
CVSS 8.8
CVE-2021-0891 HIGH
Android - Information Disclosure via PowerVR Driver Uninitialized Heap Memory
CVSS 7.5
CVE-2021-23265 LOW
Crafter CMS 3.1.0 through 3.1.18 - Privilege Escalation
CVSS 3.5
CVE-2021-27767 MEDIUM
BigFix Console - Privilege Escalation
CVSS 6.7
CVE-2021-27766 MEDIUM
BigFix Client - Privilege Escalation
CVSS 6.7
CVE-2021-27765 MEDIUM
BigFix Server API - Privilege Escalation
CVSS 6.7
CVE-2021-4200 MEDIUM
SUSE Rancher <2.5.13, <2.6.4 - Privilege Escalation
CVSS 5.4
CVE-2021-36784 HIGH
SUSE Rancher < 2.5.13 and 2.6.0-2.6.4 - Privilege Escalation via Restricted-Admin Role
CVSS 7.2
CVE-2021-36207 HIGH
Metasys ADS/ADX/OAS <11 - Privilege Escalation
CVSS 8.8
CVE-2021-3101 HIGH
Hotdog <1.0.1 - Privilege Escalation
CVSS 8.8
CVE-2021-3100 HIGH
Apache Log4j <log4j-cve-2021-44228-hotpatch-1.1-13 - Privilege Esca...
CVSS 8.8
CVE-2021-39807 HIGH
Android - Local Privilege Escalation via SecureNfcEnabler Permission Bypass
CVSS 7.8
CVE-2021-39797 HIGH
Android - Local Privilege Escalation via LauncherApps Logic Error
CVSS 7.8