Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-42277 1Microsoft 8Visual Studio Visual Studio 2017Visual Studio 2019+5 more Nov 21, 2024 Nov 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-41377 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Nov 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2021-41370 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Nov 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 NTFS Elevation of Privilege Vulnerability
CVE-2021-41367 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Nov 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 NTFS Elevation of Privilege Vulnerability
CVE-2021-41366 1Microsoft 8Windows 10 Windows 11Windows 8.1+5 more Nov 21, 2024 Nov 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
CVE-2021-36957 1Microsoft 4Windows 10 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 Nov 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2019-18916 1Hp 5Color Laserjet Pro Mfp M277 B3q10a Firmware Color Laserjet Pro Mfp M277 B3q10v FirmwareColor Laserjet Pro Mfp M277 B3q11a Firmware+2 more Nov 21, 2024 Nov 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.
CVE-2021-25508 1Samsung 1Smartthings Nov 21, 2024 Nov 5, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.
CVE-2021-25502 1Google 1Android Nov 21, 2024 Nov 5, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
CVE-2021-40124 1Cisco 1Anyconnect Secure Mobility Client Nov 21, 2024 Nov 4, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerabil...Show more A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.Show less
CVE-2021-41022 1Fortinet 1Fortisiem Nov 21, 2024 Nov 2, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts
CVE-2021-1118 1Nvidia 1Virtual Gpu Nov 21, 2024 Oct 29, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tamper...Show more NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of serviceShow less
CVE-2021-3576 1Bitdefender 2Endpoint Security Tools Total Security Nov 21, 2024 Oct 28, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform ac...Show more Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.Show less
CVE-2021-23877 1Mcafee 1Total Protection Nov 21, 2024 Oct 26, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file...Show more Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.Show less
CVE-2021-42108 1Trendmicro 3Apex One Worry Free Business SecurityWorry Free Business Security Services Nov 21, 2024 Oct 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installati...Show more Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2021-42107 1Trendmicro 3Apex One Worry Free Business SecurityWorry Free Business Security Services Nov 21, 2024 Oct 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on...Show more Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106.Show less
CVE-2021-42106 1Trendmicro 3Apex One Worry Free Business SecurityWorry Free Business Security Services Nov 21, 2024 Oct 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on...Show more Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107.Show less
CVE-2021-42105 1Trendmicro 3Apex One Worry Free Business SecurityWorry Free Business Security Services Nov 21, 2024 Oct 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on...Show more Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.Show less
CVE-2021-42104 1Trendmicro 3Apex One Worry Free Business SecurityWorry Free Business Security Services Nov 21, 2024 Oct 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on...Show more Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.Show less
CVE-2021-31360 1Juniper 2Junos Junos Os Evolved Nov 21, 2024 Oct 19, 2021 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a sys...Show more An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive \| match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.Show less

Previous 1...888990...139 Next