← Back
CWE-269

2,778 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

JSON object

Loading...

CVEs (2,778)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-3421
1Google
1Drive
Nov 21, 2024
Oct 17, 2022
N/A· v4
7.3 HIGH· v3
N/A· v2
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first ti...Show more
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0Show less
CVE-2022-2249
1Avaya
1Aura Communication Manager
Nov 21, 2024
Oct 12, 2022
N/A· v4
6.7 MEDIUM· v3
N/A· v2
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8...Show more
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.Show less
CVE-2022-41032
2Fedoraproject
Microsoft
5.net
.net CoreFedora+2 more
Feb 28, 2025
Oct 11, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
NuGet Client Elevation of Privilege Vulnerability
CVE-2022-3422
1Tooljet
1Tooljet
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pas...Show more
Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the passShow less
CVE-2022-2975
1Avaya
1Aura Application Enablement Services
Nov 21, 2024
Oct 6, 2022
N/A· v4
6.7 MEDIUM· v3
N/A· v2
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the roo...Show more
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.Show less
CVE-2022-2637
1Hitachi
1Storage Plug In
Feb 25, 2026
Oct 6, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCe...Show more
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.Show less
CVE-2022-41975
1Realvnc
2Vnc Server
Vnc Viewer
May 20, 2025
Sep 30, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.
CVE-2022-39032
1Lcnet
1Smart Evision
Nov 21, 2024
Sep 28, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system com...Show more
Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service.Show less
CVE-2022-41604
1Checkpoint
1Zonealarm
May 22, 2025
Sep 27, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a sel...Show more
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.Show less
CVE-2022-32829
1Apple
3Ipados
Iphone OsMacos
May 22, 2025
Sep 23, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32826
1Apple
6Ipados
Iphone OsMac Os X+3 more
May 22, 2025
Sep 23, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina....Show more
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.Show less
CVE-2022-32819
1Apple
6Ipados
Iphone OsMac Os X+3 more
May 22, 2025
Sep 23, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app ma...Show more
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.Show less
CVE-2022-32801
1Apple
1Macos
May 22, 2025
Sep 23, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges.
CVE-2022-32782
1Apple
1Macos
May 22, 2025
Sep 23, 2022
N/A· v4
4.4 MEDIUM· v3
N/A· v2
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information.
CVE-2022-32781
1Apple
4Ipados
Iphone OsMac Os X+1 more
May 22, 2025
Sep 23, 2022
N/A· v4
4.4 MEDIUM· v3
N/A· v2
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be abl...Show more
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.Show less
CVE-2022-35257
1Ui
1Desktop
May 22, 2025
Sep 23, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
CVE-2022-30121
1Ivanti
1Endpoint Manager
May 22, 2025
Sep 23, 2022
N/A· v4
6.7 MEDIUM· v3
N/A· v2
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privi...Show more
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.Show less
CVE-2022-3068
1Octoprint
1Octoprint
Nov 21, 2024
Sep 21, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
CVE-2022-3079
1Festo
2Cpx Cec C1 Firmware
Cpx Cmxx Firmware
Nov 21, 2024
Sep 20, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.
CVE-2022-38351
1Supremainc
1Biostar 2
May 29, 2025
Sep 19, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.