Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,778)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-48283 1Huawei 1Hilink Ai Life Mar 11, 2025 Feb 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
CVE-2022-48341 1Thingsboard 1Thingsboard Mar 12, 2025 Feb 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parame...Show more ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.Show less
CVE-2022-43927 1Ibm 1Db2 Nov 21, 2024 Feb 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.
CVE-2022-38378 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Feb 16, 2023 N/A· v4 6.0 MEDIUM· v3 N/A· v2 An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin prof...Show more An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.Show less
CVE-2023-24483 1Citrix 1Virtual Apps And Desktops Mar 18, 2025 Feb 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVE-2022-42455 1Asus 1Armoury Crate Mar 19, 2025 Feb 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read...Show more ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.Show less
CVE-2022-42735 1Apache 1Shenyu Mar 19, 2025 Feb 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affect...Show more Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 . Show less
CVE-2023-25011 1Nec 1Pc Settings Tool Mar 19, 2025 Feb 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges.
CVE-2023-21777 1Microsoft 1Azure App Service On Azure Stack Nov 21, 2024 Feb 14, 2023 N/A· v4 8.7 HIGH· v3 N/A· v2 Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2023-25149 1Timescale 1Timescaledb Nov 21, 2024 Feb 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation us...Show more TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms.Show less
CVE-2022-34384 1Dell 5Alienware Update Command UpdateSupportassist For Business Pcs+2 more Nov 21, 2024 Feb 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command \| Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privil...Show more Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command \| Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. Show less
CVE-2023-21421 1Samsung 1Android Nov 21, 2024 Feb 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
CVE-2022-48286 1Huawei 2Emui Harmonyos Mar 25, 2025 Feb 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38777 1Elastic 2Endgame Endpoint Security Mar 25, 2025 Feb 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
CVE-2022-43759 1Suse 1Rancher Nov 21, 2024 Feb 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Ra...Show more A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10.Show less
CVE-2022-48019 1Wfs 1Another Eden Mar 26, 2025 Feb 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.
CVE-2023-20854 1Vmware 1Workstation Mar 26, 2025 Feb 3, 2023 N/A· v4 8.4 HIGH· v3 N/A· v2 VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of...Show more VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.Show less
CVE-2020-24307 1Mremoteng 1Mremoteng Nov 21, 2024 Feb 2, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.
CVE-2022-3990 1Hp 1Hpsfviewer Mar 28, 2025 Feb 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.
CVE-2022-23455 1Hp 1Support Assistant Mar 27, 2025 Feb 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized...Show more Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.Show less

Previous 1...686970...139 Next