CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,836 vulnerabilities with CWE-269
CVE-2021-31523 HIGH
xscreensaver - Improper Privilege Management via cap_net_raw Capability
CVSS 7.8
CVE-2021-20208 MEDIUM
cifs-utils < 6.13 - Unauthenticated Kerberos Credential Exposure via Container Mount
CVSS 6.1
CVE-2021-21981 HIGH
VMware NSX-T - Privilege Escalation via RBAC Role Assignment
CVSS 7.8
CVE-2021-29452 HIGH
a12n-server 0.18.0-0.18.1 - Authenticated Privilege Escalation via User Edit HAL-Form
CVSS 8.1
CVE-2021-27394 HIGH
Mendix 7<7.23.19, 8<8.17.0, 8.12<8.12.5, 8.6<8.6.9, 9<9.0.5 - Privilege Escalation via User Role Manipulation
CVSS 8.8
CVE-2021-23887 HIGH
McAfee Data Loss Prevention Endpoint < 11.6.100.41 - Privilege Escalation via hdlphook Driver Memory Manipulation
CVSS 7.8
CVE-2021-30479 MEDIUM
Zulip Server <3.4 - Info Disclosure
CVSS 5.3
CVE-2021-30478 MEDIUM
Zulip Server <3.4 - Privilege Escalation
CVSS 4.3
CVE-2021-29449 MEDIUM
Pi-hole 5.2.4 - Privilege Escalation via Remove Commands
CVSS 6.3
CVE-2021-28322 HIGH
Diagnostics Hub Standard Collector Service - Privilege Escalation
CVSS 7.8
CVE-2021-28313 HIGH
Diagnostics Hub Standard Collector Service - Privilege Escalation
CVSS 7.8
CVE-2021-25377 LOW
Samsung Experience Service <12.2.0.5 - Privilege Escalation
CVSS 3.3
CVE-2021-25365 MEDIUM
softsimd <SMR APR-2021 Release 1 - Info Disclosure
CVSS 5.9
CVE-2021-25363 MEDIUM
ActivityManagerService <SMR APR-2021 Release 1 - Info Disclosure
CVSS 6.8
CVE-2021-25362 MEDIUM
CertInstaller <SMR APR-2021 Release 1 - Info Disclosure
CVSS 6.8
CVE-2021-20021 CRITICAL KEV
SonicWall Email Security < 10.0.9.6103 - Unauthenticated Administrative Account Creation via Crafted HTTP Request
CVSS 9.8
CVE-2021-30152 MEDIUM
MediaWiki <1.31.13, 1.32-1.35.1 - Privilege Escalation
CVSS 4.3
CVE-2021-26758 HIGH
OpenLiteSpeed 1.7.8 - Privilege Escalation to Root via Command Injection
CVSS 8.8
CVE-2021-20334 MEDIUM
MongoDB Compass <1.25.0 - Privilege Escalation
CVSS 4.8
CVE-2021-24207 MEDIUM
WP Page Builder < 1.2.4 - Improper Privilege Management
CVSS 4.3
CVE-2021-24158 MEDIUM
Orbit Fox by ThemeIsle < 2.10.3 - Improper Privilege Management via User Role Parameter
CVSS 6.5
CVE-2021-1802 HIGH
macOS 10.14-10.14.5 and 11.0-11.1 - Local Privilege Escalation
CVSS 7.8
CVE-2021-1787 HIGH
iPadOS < 14.4 - Privilege Escalation
CVSS 7.8
CVE-2021-1750 HIGH
iPadOS < 14.4 - Improper Privilege Management
CVSS 7.8
CVE-2021-28250 HIGH
CA eHealth Performance Manager <6.3.2.12 - Privilege Escalation
CVSS 7.8