Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-43018 1Ibm 1Cics Tx Nov 21, 2024 Nov 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses....Show more IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.Show less
CVE-2023-5408 1Redhat 1Openshift Container Platform Nov 21, 2024 Nov 2, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane an...Show more A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.Show less
CVE-2023-20048 1Cisco 1Secure Firewall Management Center Nov 26, 2024 Nov 1, 2023 N/A· v4 9.9 CRITICAL· v3 N/A· v2 A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat...Show more A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software.Show less
CVE-2023-5847 1Tenable 2Nessus Nessus Agent Nov 21, 2024 Nov 1, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
CVE-2023-5739 1Hp 3Image Assistant Pc Hardware DiagnosticsThunderbolt Dock G2 Firmware Nov 21, 2024 Oct 31, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.
CVE-2023-47101 1Securepoint 1Openvpn Client Nov 21, 2024 Oct 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.
CVE-2023-21397 1Google 1Android Nov 21, 2024 Oct 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...Show more In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21396 1Google 1Android Nov 21, 2024 Oct 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed...Show more In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21376 1Google 1Android Mar 6, 2025 Oct 30, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed...Show more In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21374 1Google 1Android Nov 21, 2024 Oct 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...Show more In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21343 1Google 1Android Nov 21, 2024 Oct 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...Show more In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-40685 1Ibm 1I Nov 21, 2024 Oct 29, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability...Show more Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.Show less
CVE-2023-40686 1Ibm 1I Nov 21, 2024 Oct 29, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability...Show more Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.Show less
CVE-2022-3701 1Lenovo 3Hardware Scan Addin Hardware Scan PluginSystem Update Plugin Nov 21, 2024 Oct 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.
CVE-2023-44219 1Sonicwall 1Directory Services Connector Nov 21, 2024 Oct 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recover...Show more A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.Show less
CVE-2023-34057 1Vmware 1Tools Mar 6, 2025 Oct 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
CVE-2023-5622 1Tenable 1Nessus Network Monitor Nov 21, 2024 Oct 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
CVE-2023-41966 1Sielco 15Analog Fm Transmitter Exc1000gt Firmware Analog Fm Transmitter Exc1000gx FirmwareAnalog Fm Transmitter Exc100gt Firmware+12 more Nov 21, 2024 Oct 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.
CVE-2023-5671 1Hp 1Print And Scan Doctor Nov 21, 2024 Oct 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.
CVE-2023-4607 1Lenovo 123Thinkagile Hx1021 Edg Firmware Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+120 more Nov 21, 2024 Oct 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An authenticated XCC user can change permissions for any user through a crafted API command.

Previous 1...565758...139 Next