CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,836 vulnerabilities with CWE-269
CVE-2021-34810 CRITICAL
Synology Download Station < 3.8.16-3566 - Authenticated Remote Code Execution via CGI Component
CVSS 9.9
CVE-2021-27483 HIGH
ZOLL Defibrillator Dashboard <2.2 - Privilege Escalation
CVSS 7.8
CVE-2021-25418 HIGH
Samsung Internet <14.0.1.62 - Privilege Escalation
CVSS 7.8
CVE-2021-28814 HIGH
QNAP Helpdesk < 3.0.4 - Improper Privilege Management
CVSS 8.8
CVE-2021-31839 MEDIUM
McAfee Agent for Windows < 5.7.3 - Improper Privilege Management in Event Log
CVSS 4.8
CVE-2021-0052 HIGH
Intel Computing Improvement Program < 2.4.6522 - Authenticated Privilege Escalation via Local Access
CVSS 7.8
CVE-2021-33356 HIGH
RaspAP <2.6.5 - Privilege Escalation
CVSS 8.8
CVE-2021-31969 HIGH
Windows Cloud Files Mini Filter Driver - Elevation of Privilege
CVSS 7.8
CVE-2021-31954 HIGH
Windows Common Log File System Driver - Elevation of Privilege
CVSS 7.8
CVE-2021-27657 HIGH
Johnson Controls Metasys <11.0 - Privilege Escalation
CVSS 8.8
CVE-2021-22118 HIGH
Spring Framework 5.2.0-5.2.14 - Authenticated Privilege Escalation via WebFlux Temporary Storage Directory
CVSS 7.8
CVE-2021-22733 HIGH
homeLYnk (Wiser For KNX)/spaceLYnk <V2.60 - Privilege Escalation
CVSS 7.8
CVE-2021-22732 HIGH
homeLYnk (Wiser For KNX)/spaceLYnk <V2.60 - RCE
CVSS 7.8
CVE-2021-20713 HIGH
QND Advance/Premium/Standard <11.0.4i - Privilege Escalation
CVSS 7.8
CVE-2021-24289 HIGH
Store Locator Plus for WordPress <= 5.5.14 - Authenticated Privilege Escalation to Administrator
CVSS 8.8
CVE-2021-23891 HIGH
McAfee Total Protection < 16.0.32 - Privilege Escalation via Client Token Impersonation
CVSS 7.8
CVE-2021-31169 HIGH
Windows 10 and Windows Server 2016 - Privilege Escalation via Container Manager Service
CVSS 7.8
CVE-2021-31168 HIGH
Windows 10 and Windows Server 2016 - Privilege Escalation via Container Manager Service
CVSS 7.8
CVE-2021-21430 MEDIUM
OpenAPI Generator < 5.1.1 - Insecure Temporary File Creation via File.createTempFile
CVSS 6.2
CVE-2021-21428 CRITICAL
openapi-generator < 5.1.0 - Insecure Temporary File Permissions
CVSS 9.3
CVE-2021-1447 MEDIUM
Cisco Content Security Management Appliance < 12.8.1-002 - Privilege Escalation via Password Flaw
CVSS 6.7
CVE-2021-1401 HIGH
Cisco Small Business WAP125, WAP131, WAP150, WAP351, WAP361, WAP581 Firmware - Authenticated OS Command Injection
CVSS 8.8
CVE-2021-1400 HIGH
Cisco Small Business WAP125/131/150/351/361/581 Firmware - Authenticated Info Disclosure & Command Injection
CVSS 8.8
CVE-2021-0256 MEDIUM
Juniper Networks Junos OS - Info Disclosure
CVSS 5.5
CVE-2021-0255 MEDIUM
Juniper Junos OS - Local Privilege Escalation via ethtraceroute Setuid Binary
CVSS 5.5