Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-31359 1Juniper 2Junos Junos Os Evolved Nov 21, 2024 Oct 19, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Servic...Show more A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive \| match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.Show less
CVE-2021-31350 1Juniper 2Junos Junos Os Evolved Nov 21, 2024 Oct 19, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticate...Show more An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO.Show less
CVE-2021-40854 1Anydesk 1Anydesk Nov 21, 2024 Oct 14, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.
CVE-2021-41348 1Microsoft 1Exchange Server Nov 21, 2024 Oct 13, 2021 N/A· v4 8.0 HIGH· v3 5.2 MEDIUM· v2 Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-41347 1Microsoft 5Windows 10 Windows 11Windows Server 2016+2 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows AppX Deployment Service Elevation of Privilege Vulnerability
CVE-2021-41345 1Microsoft 8Windows 10 Windows 11Windows 8.1+5 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-41339 1Microsoft 4Windows 10 Windows 11Windows Server 2016+1 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-41335 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-41334 1Microsoft 4Windows 10 Windows 11Windows Server 2016+1 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-40489 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-40488 1Microsoft 8Windows 10 Windows 11Windows 8.1+5 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-40478 1Microsoft 8Windows 10 Windows 11Windows 8.1+5 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-40477 1Microsoft 8Windows 10 Windows 11Windows 8.1+5 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-40470 1Microsoft 5Windows 10 Windows 11Windows Server 2016+2 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2021-40467 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40466 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40464 1Microsoft 6Windows 10 Windows 11Windows Server+3 more Nov 21, 2024 Oct 13, 2021 N/A· v4 8.0 HIGH· v3 5.2 MEDIUM· v2 Windows Nearby Sharing Elevation of Privilege Vulnerability
CVE-2021-40443 1Microsoft 10Windows 10 Windows 11Windows 7+7 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-26441 1Microsoft 9Windows 10 Windows 11Windows 8.1+6 more Nov 21, 2024 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-22263 1Gitlab 1Gitlab Nov 21, 2024 Oct 11, 2021 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external'...Show more An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.Show less

Previous 1...899091...139 Next