CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,835 vulnerabilities with CWE-269
CVE-2021-31350 HIGH
Juniper Junos OS and Junos OS Evolved - Authenticated Privilege Escalation via JET API gRPC Framework
CVSS 7.5
CVE-2021-40854 HIGH
AnyDesk <6.2.6, <6.3.3 - Privilege Escalation
CVSS 7.8
CVE-2021-41348 HIGH
Microsoft Exchange Server - Elevation of Privilege
CVSS 8.0
CVE-2021-41347 HIGH
Windows AppX Deployment Service - Improper Privilege Management
CVSS 7.8
CVE-2021-41345 HIGH
Windows Storage Spaces Controller - Elevation of Privilege via Integer Overflow
CVSS 7.8
CVE-2021-41339 MEDIUM
Microsoft DWM Core Library - Elevation of Privilege
CVSS 4.7
CVE-2021-41335 HIGH
Windows Kernel - Improper Privilege Management
CVSS 7.8
CVE-2021-41334 HIGH
Windows Desktop Bridge - Improper Privilege Management
CVSS 7.0
CVE-2021-40489 HIGH
Storage Spaces Controller - Privilege Escalation
CVSS 7.8
CVE-2021-40488 HIGH
Storage Spaces Controller - Privilege Escalation
CVSS 7.8
CVE-2021-40478 HIGH
Storage Spaces Controller - Privilege Escalation
CVSS 7.8
CVE-2021-40477 HIGH
Windows Event Tracing - Privilege Escalation
CVSS 7.8
CVE-2021-40470 HIGH
DirectX Graphics Kernel - Privilege Escalation
CVSS 7.8
CVE-2021-40467 HIGH
Windows Common Log File System Driver - Privilege Escalation
CVSS 7.8
CVE-2021-40466 HIGH
Windows Common Log File System Driver - Privilege Escalation
CVSS 7.8
CVE-2021-40464 HIGH
Windows Nearby Sharing - Privilege Escalation
CVSS 8.0
CVE-2021-40443 HIGH
Windows Common Log File System Driver - Privilege Escalation
CVSS 7.8
CVE-2021-26441 HIGH
Windows 10, 11, 8.1, RT 8.1, Server 2012, and Server - Elevation of Privilege via Storage Spaces Controller
CVSS 7.8
CVE-2021-22263 MEDIUM
GitLab 13.0-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Privilege Escalation via Project Token Abuse
CVSS 5.5
CVE-2021-27664 CRITICAL
exacqVision Server - Info Disclosure
CVSS 9.8
CVE-2021-42135 HIGH
HashiCorp Vault 1.8.0-1.8.4 - Improper Privilege Management via Glob Policy Interaction
CVSS 8.1
CVE-2021-34766 MEDIUM
Cisco Smart Software Manager On-Prem < 8-202108 - Authenticated Privilege Escalation via Web UI
CVSS 5.4
CVE-2021-0691 MEDIUM
Android 11 - Local Privilege Escalation via SELinux Policy Misconfiguration
CVSS 6.7
CVE-2021-28702 HIGH
Xen 4.13.0-4.15.1 - Improper Privilege Management in PCI Device Deassignment
CVSS 7.6
CVE-2021-23893 HIGH
McAfee Drive Encryption < 7.3.0 - Privilege Escalation via Unutilized Memory Buffer
CVSS 8.8