CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,835 vulnerabilities with CWE-269
CVE-2021-43828 HIGH
PatrowlManager < 1.7.7 - Unauthenticated Information Disclosure via Predictable Import Filename
CVSS 7.5
CVE-2021-39944 HIGH
GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Privilege Escalation via Project Import
CVSS 7.1
CVE-2021-39937 MEDIUM
GitLab < 14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Improper Privilege Management via Access Memoization Collision
CVSS 5.9
CVE-2021-43528 MEDIUM
Thunderbird < 91.4.0 - Unexpected JavaScript Execution in Composition Area
CVSS 6.5
CVE-2021-37941 HIGH
Elastic APM Java Agent 1.10.0-1.26.0 - Local Privilege Escalation via Attacher CLI or API
CVSS 7.8
CVE-2021-25515 MEDIUM
SemRewardManager < SMR Dec-2021 Release 1 - Info Disclosure
CVSS 4.0
CVE-2021-25513 LOW
Apps Edge < SMR Dec-2021 Release 1 - Privilege Escalation
CVSS 2.4
CVE-2021-44021 HIGH
Trend Micro Worry-Free Business Security 10.0 SP1 - Local Privilege Escalation
CVSS 7.8
CVE-2021-44020 HIGH
Trend Micro Worry-Free Business Security 10.0 SP1 - Local Privilege Escalation
CVSS 7.8
CVE-2021-44019 HIGH
Trend Micro Worry-Free Business Security 10.0 SP1 - Local Privilege Escalation
CVSS 7.8
CVE-2021-43793 MEDIUM
Discourse < 2.7.11 - Improper Privilege Management in Polls Feature
CVSS 4.3
CVE-2021-43211 MEDIUM
Windows 10 Update Assistant - Privilege Escalation
CVSS 5.5
CVE-2021-35052 HIGH
Kaspersky Password Manager - Privilege Escalation
CVSS 7.8
CVE-2021-28710 HIGH
Xen - Improper Privilege Management in VT-d IOMMU Shared Page Table Mode
CVSS 8.8
CVE-2021-36307 HIGH
Networking OS10 < October 2021 - Privilege Escalation
CVSS 8.8
CVE-2021-23193 HIGH
Gallagher Command Centre < 8.50.2048 - Privilege Escalation
CVSS 8.1
CVE-2021-35534 HIGH
Hitachi Energy Relion - Info Disclosure
CVSS 7.2
CVE-2021-37938 MEDIUM
Kibana 7.9.0-7.15.1 - Path Traversal via .pbf File Loading
CVSS 4.3
CVE-2021-42956 HIGH
Zoho ManageEngine Remote Access Plus Server < 10.1.2132.6 - Improper Privilege Management
CVSS 7.8
CVE-2021-42322 HIGH
Visual Studio Code < 1.16.2 - Elevation of Privilege
CVSS 7.8
CVE-2021-42319 MEDIUM
Visual Studio 2017 15.0-15.8 and 2019 16.0-16.10 - Improper Privilege Management
CVSS 4.7
CVE-2021-42304 MEDIUM
Azure RTOS < 6.1.9 - Elevation of Privilege
CVSS 6.6
CVE-2021-42303 MEDIUM
Azure RTOS < 6.1.9 - Improper Privilege Management
CVSS 6.6
CVE-2021-42302 MEDIUM
Azure RTOS < 6.1.9 - Elevation of Privilege
CVSS 6.6
CVE-2021-42291 HIGH
Windows Server - Active Directory Domain Services Elevation of Privilege
CVSS 7.5