Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,778)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4607 1Lenovo 123Thinkagile Hx1021 Edg Firmware Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+120 more Nov 21, 2024 Oct 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An authenticated XCC user can change permissions for any user through a crafted API command.
CVE-2023-43506 1Arubanetworks 1Clearpass Policy Manager Nov 21, 2024 Oct 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbi...Show more A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.Show less
CVE-2023-39740 1Linecorp 1Onigiriya Musubee Nov 21, 2024 Oct 25, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
CVE-2023-39734 1Linecorp 1Trackdiner10/10 Mc Nov 21, 2024 Oct 25, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
CVE-2023-39733 1Linecorp 1Tonton Tei Nov 21, 2024 Oct 25, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
CVE-2023-39732 1Linecorp 1Tokueimaru Waiting Nov 21, 2024 Oct 25, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
CVE-2021-26734 1Zscaler 1Client Connector Nov 21, 2024 Oct 23, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.
CVE-2023-34045 1Vmware 1Fusion Mar 7, 2025 Oct 20, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volum...Show more VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.Show less
CVE-2023-46277 1Edneville 1Please Nov 21, 2024 Oct 20, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)
CVE-2023-27795 1Ixpdata 1Easyinstall Nov 21, 2024 Oct 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.
CVE-2023-27793 1Ixpdata 1Easyinstall Nov 21, 2024 Oct 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.
CVE-2023-45883 1Enghouse 1Qumu Nov 21, 2024 Oct 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard...Show more A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.Show less
CVE-2023-41715 1Sonicwall 1Sonicos May 2, 2025 Oct 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
CVE-2023-22099 1Oracle 1Vm Virtualbox Nov 21, 2024 Oct 17, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker wi...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).Show less
CVE-2023-20598 1Amd 1Radeon Software Nov 21, 2024 Oct 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a...Show more An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. Show less
CVE-2023-43120 1Extremenetworks 1Exos Nov 21, 2024 Oct 16, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.
CVE-2023-4834 2Helmholz Mbconnectline 4Mbconnect24 Mymbconnect24Myrex24+1 more Nov 21, 2024 Oct 16, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain re...Show more In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to. Show less
CVE-2023-4822 1Grafana 1Grafana Jun 16, 2025 Oct 16, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to ch...Show more Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.Show less
CVE-2023-44809 1Dlink 1Dir 820l Firmware Nov 21, 2024 Oct 16, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.
CVE-2023-38280 1Ibm 1Hardware Management Console Nov 21, 2024 Oct 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740.

Previous 1...575859...139 Next