CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,836 vulnerabilities with CWE-269
CVE-2021-34511 HIGH
Windows Installer - Elevation of Privilege via Improper Privilege Management
CVSS 7.8
CVE-2021-34493 MEDIUM
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege in Partition Management Driver
CVSS 6.7
CVE-2021-34488 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege in Console Driver
CVSS 7.8
CVE-2021-34477 HIGH
.NET Education Bundle SDK Install Tool 0.6.0-0.6.9 & .NET Install Tool 1.1.0-1.1.9 - Elevation of Privilege
CVSS 7.8
CVE-2021-33751 HIGH
Storage Spaces Controller - Privilege Escalation
CVSS 7.0
CVE-2021-31961 MEDIUM
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via InstallService
CVSS 6.1
CVE-2021-29792 HIGH
IBM Event Streams 10.0-10.3 - Improper Privilege Management via CA Private Key
CVSS 7.2
CVE-2021-35064 CRITICAL
KramerAV VIAWare - Privilege Escalation
CVSS 9.8
CVE-2021-25442 HIGH
Samsung Knox Cloud Services < 1.39 - Improper Privilege Management in KME Module
CVSS 7.5
CVE-2021-25429 MEDIUM
Bluetooth App <SMR July-2021 Release 1 - Privilege Escalation
CVSS 4.3
CVE-2021-25428 HIGH
PackageManager <SMR July-2021 Release 1 - Privilege Escalation
CVSS 7.8
CVE-2021-21786 HIGH
IOBit Advanced SystemCare Ultimate 14.2.0.220 - Privilege Escalation via IOCTL 0x9c406144
CVSS 7.8
CVE-2021-34622 CRITICAL
ProfilePress 3.0.0-3.1.3 - Privilege Escalation via User Profile Update
CVSS 9.8
CVE-2021-34621 CRITICAL
ProfilePress 3.0.0-3.1.3 - Unauthenticated Privilege Escalation via Registration
CVSS 9.8
CVE-2021-27661 HIGH
Johnson Controls F4-SNC Firmware - Authenticated Improper Privilege Management via Crafted Web Messages
CVSS 8.8
CVE-2021-22376 HIGH
HarmonyOS - Improper Privilege Management
CVSS 8.4
CVE-2021-22326 HIGH
HarmonyOS - Privilege Escalation to Kernel Space
CVSS 7.1
CVE-2021-28692 HIGH
Xen >=3.2.0 - Improper Privilege Management in IOMMU Timeout Handling
CVSS 7.1
CVE-2021-35523 HIGH
Securepoint SSL VPN Client v2 < 2.0.32 - Privilege Escalation
CVSS 7.8
CVE-2021-33538 HIGH
Weidmueller Industrial WLAN - Privilege Escalation
CVSS 8.8
CVE-2021-35448 HIGH
Emote Interactive Remote Mouse 3.008 - RCE
CVSS 7.8
CVE-2021-29951 MEDIUM
Firefox < 87.0, Firefox ESR < 78.10.1, Thunderbird < 78.10.1 - Improper Privilege Management in Maintenance Service
CVSS 6.5
CVE-2021-23999 HIGH
Firefox ESR <78.10, Thunderbird <78.10, Firefox <88 - Info Disclosure
CVSS 8.8
CVE-2021-25651 HIGH
Avaya Aura Utility Services 7.0-7.1.2 - Privilege Escalation
CVSS 8.0
CVE-2021-25650 HIGH
Avaya Aura Utility Services 7.0-7.1.3 - Privilege Escalation via Crafted Script Execution
CVSS 7.7