Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,778)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2568 1Redhat 1Ansible Automation Platform Nov 21, 2024 Aug 18, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remov...Show more A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.Show less
CVE-2022-37025 1Mcafee 1Security Scan Plus Nov 21, 2024 Aug 18, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could re...Show more An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file.Show less
CVE-2020-10728 1Automationbroker 1Apb Nov 21, 2024 Aug 16, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the abilit...Show more A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.Show less
CVE-2022-37002 1Huawei 3Emui HarmonyosMagic Ui Oct 20, 2025 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.
CVE-2022-31672 1Vmware 1Vrealize Operations Aug 27, 2025 Aug 10, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
CVE-2022-20361 1Google 1Android Aug 27, 2025 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional exec...Show more In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832Show less
CVE-2022-20360 1Google 1Android Oct 20, 2025 Aug 10, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interact...Show more In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987Show less
CVE-2022-20356 1Google 1Android Sep 8, 2025 Aug 10, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege w...Show more In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903Show less
CVE-2022-20347 1Google 1Android Oct 20, 2025 Aug 10, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution p...Show more In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811Show less
CVE-2022-20239 1Google 1Android Oct 20, 2025 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable...Show more remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091Show less
CVE-2022-35782 1Microsoft 1Azure Site Recovery Vmware To Azure May 29, 2025 Aug 9, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35781 1Microsoft 1Azure Site Recovery Vmware To Azure May 29, 2025 Aug 9, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35780 1Microsoft 1Azure Site Recovery Vmware To Azure May 29, 2025 Aug 9, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35775 1Microsoft 1Azure Site Recovery Vmware To Azure May 29, 2025 Aug 9, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35774 1Microsoft 1Azure Site Recovery Vmware To Azure May 29, 2025 Aug 9, 2022 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35771 1Microsoft 5Windows 10 Windows 11Windows Server 2016+2 more May 29, 2025 Aug 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVE-2022-35768 1Microsoft 10Windows 10 Windows 11Windows 7+7 more May 29, 2025 Aug 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-35765 1Microsoft 4Windows 10 Windows Server 2016Windows Server 2019+1 more May 29, 2025 Aug 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-35764 1Microsoft 4Windows 10 Windows Server 2016Windows Server 2019+1 more May 29, 2025 Aug 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-35763 1Microsoft 4Windows 10 Windows Server 2016Windows Server 2019+1 more May 29, 2025 Aug 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Storage Spaces Direct Elevation of Privilege Vulnerability

Previous 1...767778...139 Next