Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,778)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-40377 1Ibm 1I Nov 21, 2024 Oct 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges...Show more Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.Show less
CVE-2023-40378 1Ibm 1I Nov 21, 2024 Oct 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host ope...Show more IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.Show less
CVE-2023-27316 1Netapp 1Snapcenter Feb 13, 2025 Oct 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
CVE-2023-38817 1Echo 1Anti Cheat Tool Nov 21, 2024 Oct 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode...Show more An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."Show less
CVE-2023-43960 1Dlink 1Dph 400se Firmware Nov 21, 2024 Oct 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.
CVE-2023-4936 1Synaptics 1Displaylink Dec 17, 2025 Oct 11, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 It is possible to sideload a compromised DLL during the installation at elevated privilege.
CVE-2023-44105 1Huawei 2Emui Harmonyos Nov 21, 2024 Oct 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44106 1Huawei 2Emui Harmonyos Nov 21, 2024 Oct 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-36721 1Microsoft 7Windows 10 1809 Windows 10 21h2Windows 10 22h2+4 more Nov 21, 2024 Oct 10, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36569 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Feb 28, 2025 Oct 10, 2023 N/A· v4 8.4 HIGH· v3 N/A· v2 Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-5214 1Puppet 1Bolt Nov 21, 2024 Oct 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.
CVE-2023-26236 1Watchguard 4Edr Firmware Epdr FirmwareEpp Firmware+1 more Nov 21, 2024 Oct 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a c...Show more An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.Show less
CVE-2023-5402 1Schneider Electric 1C Bus Toolkit Nov 21, 2024 Oct 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
CVE-2023-20235 1Cisco 1Ios Xe Nov 21, 2024 Oct 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlyi...Show more A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.Show less
CVE-2023-44217 1Sonicwall 1Netextender Nov 21, 2024 Oct 3, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality...Show more A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. Show less
CVE-2023-36628 1Purestorage 1Purity//fa Nov 21, 2024 Oct 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
CVE-2023-43664 1Prestashop 1Prestashop Nov 21, 2024 Sep 28, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't ch...Show more PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.Show less
CVE-2023-43663 1Prestashop 1Prestashop Nov 21, 2024 Sep 28, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of...Show more PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.Show less
CVE-2023-40375 1Ibm 1I Nov 21, 2024 Sep 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain...Show more Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.Show less
CVE-2023-33972 1Scylladb 1Scylladb Nov 21, 2024 Sep 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the s...Show more Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.Show less

Previous 1...585960...139 Next