Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,778)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-22809 4Apple DebianFedoraproject+1 more 4Debian Linux FedoraMacos+1 more Apr 4, 2025 Jan 18, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries...Show more In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.Show less
CVE-2021-4314 1Linuxfoundation 1Zowe Api Mediation Layer Apr 3, 2025 Jan 18, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 ap...Show more It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isn’t. It’s possible to use this to persuade the southbound service that different user is authenticated.Show less
CVE-2023-21848 1Oracle 1Communications Convergence Nov 21, 2024 Jan 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerabili...Show more Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2023-0221 1Mcafee 1Application And Change Control Nov 21, 2024 Jan 13, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
CVE-2022-39182 1Mingham Smith 1Tardis 2000 Apr 8, 2025 Jan 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges.
CVE-2023-21774 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21773 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21772 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21755 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21730 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21561 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21552 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows GDI Elevation of Privilege Vulnerability
CVE-2023-21551 1Microsoft 8Windows 10 1809 Windows 10 20h2Windows 10 21h2+5 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21549 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 20h2+11 more Nov 21, 2024 Jan 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows SMB Witness Service Elevation of Privilege Vulnerability
CVE-2023-21542 1Microsoft 9Windows 10 1607 Windows 7Windows 8.1+6 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 Windows Installer Elevation of Privilege Vulnerability
CVE-2023-21531 1Microsoft 1Azure Service Fabric Nov 21, 2024 Jan 10, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 Azure Service Fabric Container Elevation of Privilege Vulnerability
CVE-2022-4294 4Avas!t AvgAvira+1 more 4Antivirus AntivirusAvira Security+1 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain eleva...Show more Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Show less
CVE-2022-0668 1Jfrog 1Artifactory Nov 21, 2024 Jan 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
CVE-2022-43535 1Arubanetworks 1Clearpass Policy Manager Apr 10, 2025 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AU...Show more A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. Show less
CVE-2022-43534 1Arubanetworks 1Clearpass Policy Manager Apr 10, 2025 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root leve...Show more A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. Show less

Previous 1...707172...139 Next