CWE-269

2,778 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,778)

Vendors (1): Lfprojects · Products (1): Apptainer · Updated: Nov 21, 2024 · Published: Jul 25, 2023 · CVSS v4: N/A · v3: 3.3 LOW · v2: N/A
Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users, but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.

Vendors (1): Cryptomator · Products (1): Cryptomator · Updated: Nov 21, 2024 · Published: Jul 25, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.

Vendors (1): Otrs · Products (1): Otrs · Updated: Nov 21, 2024 · Published: Jul 24, 2023 · CVSS v4: N/A · v3: 4.3 MEDIUM · v2: N/A
An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to perform a move of a ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35.

Vendors (1): Fit2cloud · Products (1): Kubepi · Updated: Nov 21, 2024 · Published: Jul 21, 2023 · CVSS v4: N/A · v3: 8.8 HIGH · v2: N/A
KubePi is an open source Kubernetes management panel. A normal user has permission to create/update users; they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendors (1): Microsoft · Products (1): Edge Chromium · Updated: Feb 28, 2025 · Published: Jul 21, 2023 · CVSS v4: N/A · v3: 6.5 MEDIUM · v2: N/A
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Vendors (1): Citrix · Products (2): Netscaler Application Delivery Controller, Netscaler Gateway · Updated: Nov 21, 2024 · Published: Jul 19, 2023 · CVSS v4: N/A · v3: 8.0 HIGH · v2: N/A
Privilege Escalation to root administrator (nsroot)

Vendors (1): Mikrotik · Products (1): Routeros · Updated: Nov 21, 2025 · Published: Jul 19, 2023 · CVSS v4: N/A · v3: 7.2 HIGH · v2: N/A
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

Vendors (1): Oracle · Products (1): Solaris · Updated: Nov 21, 2024 · Published: Jul 18, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows a low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Vendors (1): Ibm · Products (1): I · Updated: Nov 21, 2024 · Published: Jul 16, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.

Vendors (1): Ibm · Products (1): I · Updated: Nov 21, 2024 · Published: Jul 16, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.

Vendors (1): Razer · Products (1): Razer Central · Updated: Nov 21, 2024 · Published: Jul 14, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling the "AddModule" or "UninstallModules" command to execute an arbitrary executable file.

Vendors (1): Razer · Products (1): Razer Central · Updated: Nov 21, 2024 · Published: Jul 14, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.

Vendors (1): Citrix · Products (1): Secure Access Client · Updated: Nov 21, 2024 · Published: Jul 11, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with a Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.

Vendors (1): Deltaww · Products (1): Infrasuite Device Master · Updated: Jan 27, 2025 · Published: Jul 10, 2023 · CVSS v4: N/A · v3: 9.8 CRITICAL · v2: N/A
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.

Vendors (1): Ibm · Products (1): Db2 · Updated: Nov 21, 2024 · Published: Jul 10, 2023 · CVSS v4: N/A · v3: 6.5 MEDIUM · v2: N/A
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.

Vendors (1): Ibm · Products (1): Db2 · Updated: Nov 21, 2024 · Published: Jul 10, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.

Vendors (1): Osnexus · Products (1): Quantastor · Updated: Sep 22, 2025 · Published: Jul 10, 2023 · CVSS v4: N/A · v3: 7.8 HIGH · v2: N/A
Local users are able to execute scripts under root privileges. PoC: On the local host run the following command: curl 'localhost:8154/qstor/qs_upgrade.py?taskId=1&a=;`whoami`'

Vendors (1): Huawei · Products (2): Emui, Harmonyos · Updated: Nov 21, 2024 · Published: Jul 6, 2023 · CVSS v4: N/A · v3: 7.5 HIGH · v2: N/A
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.

Vendors (1): Huawei · Products (2): Emui, Harmonyos · Updated: Nov 21, 2024 · Published: Jul 6, 2023 · CVSS v4: N/A · v3: 9.8 CRITICAL · v2: N/A
Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation.

Vendors (1): Samsung · Products (1): Android · Updated: Nov 21, 2024 · Published: Jul 6, 2023 · CVSS v4: N/A · v3: 5.5 MEDIUM · v2: N/A
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call a privileged function.