Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,778)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-43533 1Arubanetworks 1Clearpass Policy Manager Apr 10, 2025 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root lev...Show more A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. Show less
CVE-2022-4808 1Usememos 1Memos Nov 21, 2024 Dec 28, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-46172 1Goauthentik 1Authentik Nov 21, 2024 Dec 28, 2022 N/A· v4 6.4 MEDIUM· v3 N/A· v2 authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default f...Show more authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create new accounts by themselves. This may also affect other applications as these new basic accounts would exist throughout the SSO infrastructure. By default the newly created accounts cannot be logged into as no password reset exists by default. However password resets are likely to be enabled by most installations. This vulnerability pertains to the user context used in the default-user-settings-flow, /api/v3/flows/instances/default-user-settings-flow/execute/. This issue has been fixed in versions 2022.10.4 and 2022.11.4.Show less
CVE-2022-45963 1H3c 11Secpath F100 C G3 Firmware Secpath F500 6gw FirmwareSecpath F5010 Firmware+8 more Apr 11, 2025 Dec 27, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.
CVE-2022-37706 1Enlightenment 1Enlightenment Apr 14, 2025 Dec 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
CVE-2022-41290 1Ibm 2Aix Vios Nov 21, 2024 Dec 23, 2022 N/A· v4 8.4 HIGH· v3 N/A· v2 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.
CVE-2022-38757 1Microfocus 1Zenworks Nov 21, 2024 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices,...Show more A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.Show less
CVE-2022-4687 1Usememos 1Memos Nov 21, 2024 Dec 23, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-46334 1Proofpoint 1Enterprise Protection Nov 21, 2024 Dec 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.
CVE-2022-38065 1Redhat 1Openstack Nov 21, 2024 Dec 21, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead...Show more A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.Show less
CVE-2022-38060 1Openstack 1Kolla May 7, 2025 Dec 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.
CVE-2022-42046 1Wfs 1Heaven Burns Red Apr 17, 2025 Dec 20, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary user to perform local privilege escalation
CVE-2022-46327 1Huawei 2Emui Harmonyos Apr 17, 2025 Dec 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.
CVE-2022-31707 1Vmware 1Vrealize Operations Apr 18, 2025 Dec 16, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
CVE-2022-42855 1Apple 4Ipados Iphone OsMacos+1 more Apr 21, 2025 Dec 15, 2022 N/A· v4 7.1 HIGH· v3 N/A· v2 A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use a...Show more A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.Show less
CVE-2022-42849 1Apple 4Ipados Iphone OsTvos+1 more Apr 21, 2025 Dec 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges.
CVE-2022-44689 1Microsoft 5Windows 10 Windows 11Windows Server 2019+2 more Feb 28, 2025 Dec 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
CVE-2022-38124 1Secomea 12Sitemanager 1129 Firmware Sitemanager 1139 FirmwareSitemanager 1149 Firmware+9 more Nov 21, 2024 Dec 13, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
CVE-2022-41268 1Sap 1Business Planning And Consolidation Nov 21, 2024 Dec 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By impl...Show more In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data.Show less
CVE-2022-4314 1Ikus Soft 1Rdiffweb Nov 21, 2024 Dec 12, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.

Previous 1...717273...139 Next