CWE-269
2,777 CVEs • Abstraction: Class • Likelihood of Exploit: Medium
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVEs (2,777)
| Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|
| | | | | | A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may... |
| | | | | | A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. Th... |
| | | | | | Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBe... |
| Cisco | Identity Services Engine | Nov 21, 2024 | Jun 15, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.0 MEDIUM | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exis... |
| Axis | M3005 Firmware, M3007 Firmware, M3045 Firmware (+3 more) | Nov 21, 2024 | Jun 15, 2022 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH | A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the... |
| Sap | Adaptive Server Enterprise | Nov 21, 2024 | Jun 14, 2022 | v4: N/A; v3: 6.7 MEDIUM; v2: 7.2 HIGH | A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. |
| Sap | Host Agent, Netweaver Abap | Nov 21, 2024 | Jun 14, 2022 | v4: N/A; v3: 5.0 MEDIUM; v2: 4.6 MEDIUM | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49,... |
| | | | | | Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. |
| | | | | | Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and... |
| | | | | | Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. |
| | | | | | A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door... |
| | | | | | A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalatio... |
| Ibm | Spectrum Copy Data Management | Nov 21, 2024 | Jun 10, 2022 | v4: N/A; v3: 4.5 MEDIUM; v2: 3.5 LOW | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could ent... |
| | | | | | A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. U... |
| Solar Log | Solar Log 1000 Firmware, Solar Log 1000 Pm+ Firmware, Solar Log 1200 Firmware (+5 more) | Nov 21, 2024 | Jun 9, 2022 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privi... |
| Solar Log | Solar Log 1000 Firmware, Solar Log 1000 Pm+ Firmware, Solar Log 1200 Firmware (+5 more) | Nov 21, 2024 | Jun 9, 2022 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The... |
| Solar Log | Solar Log 1000 Firmware, Solar Log 1000 Pm+ Firmware, Solar Log 1200 Firmware (+5 more) | Nov 21, 2024 | Jun 9, 2022 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possibl... |
| Axiositalia | Registro Elettronico | Nov 21, 2024 | Jun 9, 2022 | v4: N/A; v3: 8.8 HIGH; v2: 6.5 MEDIUM | A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argum... |
| | | | | | A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remote... |
| Ideracorp | Webyog Monyog Ultimate | Nov 21, 2024 | Jun 9, 2022 | v4: N/A; v3: 8.8 HIGH; v2: 6.5 MEDIUM | A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privileg... |