CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,836 vulnerabilities with CWE-269
CVE-2021-36954 HIGH
Windows 10 and Windows Server 2016/2019/2022 - Elevation of Privilege via Bind Filter Driver
CVSS 8.8
CVE-2021-40354 HIGH
Teamcenter Visualization < 12.4.0.8 - Improper Privilege Management via Surrogate Functionality
CVSS 7.1
CVE-2021-37173 HIGH
Siemens RUGGEDCOM ROX Firmware < 2.14.1 - Privilege Escalation via File Operation Restrictions
CVSS 8.8
CVE-2021-38540 CRITICAL
Airflow >=2.0.0-<2.1.3 - RCE/Info Disclosure
CVSS 9.8
CVE-2021-1868 HIGH
iPadOS < 14.5 - Improper Privilege Management
CVSS 7.8
CVE-2021-1853 HIGH
macOS 11.0-11.2 - Privilege Escalation
CVSS 7.8
CVE-2021-1851 HIGH
iPadOS < 14.5 - Privilege Escalation to Kernel via Logic Issue
CVSS 8.8
CVE-2021-1839 HIGH
macOS - Privilege Escalation via Improper Permissions Logic
CVSS 7.8
CVE-2021-1836 MEDIUM
iPadOS < 14.5 - Improper Privilege Management
CVSS 5.5
CVE-2021-1813 HIGH
iPadOS < 14.5 - Improper Privilege Management
CVSS 7.8
CVE-2021-35946 CRITICAL
ownCloud <10.8 - Privilege Escalation
CVSS 9.8
CVE-2021-39192 MEDIUM
Ghost 4.0.0-4.9.4 - Authenticated Privilege Escalation via Integrations API Endpoint
CVSS 6.5
CVE-2021-36930 MEDIUM
Microsoft Edge < 93.0.961.38 - Elevation of Privilege
CVSS 5.3
CVE-2021-30355 HIGH
Amazon Kindle <5.13.4 - Privilege Escalation
CVSS 8.6
CVE-2021-37911 HIGH
BenQ EH600 Firmware < 01.00.30.00 - Unauthenticated Arbitrary Command Execution via Management Interface
CVSS 8.8
CVE-2021-39168 CRITICAL
OpenZeppelin contracts 3.3.0-3.4.1 and contracts-upgradeable 4.0.0-4.3.0 - Privilege Escalation in TimelockController
CVSS 10.0
CVE-2021-39167 CRITICAL
OpenZeppelin contracts 3.3.0-3.4.1 and 4.0.0-4.3.0 - Privilege Escalation in TimelockController
CVSS 10.0
CVE-2021-36931 MEDIUM
Microsoft Edge Chromium < 92.0.902.55 - Elevation of Privilege
CVSS 4.4
CVE-2021-1579 HIGH
Cisco APIC/Cloud APIC - Privilege Escalation
CVSS 8.1
CVE-2021-29802 HIGH
IBM Security SOAR < 1.6.1 - Improper Privilege Management
CVSS 7.5
CVE-2021-24602 HIGH
HM Multiple Roles < 1.3 - Unauthenticated Privilege Escalation via Profile Page
CVSS 8.8
CVE-2021-24038 HIGH
Oculus Desktop 1.39-31.1.0.67.507 - Local Privilege Escalation via OVRServiceLauncher Handle Mismanagement
CVSS 7.8
CVE-2021-34745 HIGH
AppDynamics .NET Agent < 21.7 - Authenticated Privilege Escalation via Service Execution
CVSS 7.8
CVE-2021-37345 HIGH
Nagios XI < 5.8.5 - Local Privilege Escalation via xi-sys.cfg Import
CVSS 7.8
CVE-2021-36945 HIGH
Windows 10 Update Assistant - Elevation of Privilege
CVSS 7.3