CWE-269

2,777 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | CVE description |
|---|---|---|---|---|---|---|---|
| Microsoft | Windows Server 2008 | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows Server 2008 | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows Server 2016, Windows Server 2019, +1 more | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Win32k Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows 8.1, Windows Rt 8.1, +4 more | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows SMB Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows Server 2016, Windows Server 2019, +1 more | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
| Microsoft | Windows 7, Windows Server 2008 | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows DNS Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows Server 2016, Windows Server 2019 | Nov 21, 2024 | Sep 15, 2021 | N/A | 8.8 HIGH | 5.8 MEDIUM | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows Server 2016, Windows Server 2019 | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows 7, Windows 8.1, +6 more | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Event Tracing Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows 7, Windows 8.1, +6 more | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows 10, Windows Server 2016, Windows Server 2019, +1 more | Nov 21, 2024 | Sep 15, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| Siemens | Teamcenter Visualization | Nov 21, 2024 | Sep 14, 2021 | N/A | 7.1 HIGH | 5.5 MEDIUM | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks". |
| Siemens | Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 Firmware, Ruggedcom Rox Rx1500 Firmware, +7 more | Nov 21, 2024 | Sep 14, 2021 | N/A | 8.8 HIGH | 9.0 HIGH | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device. |
| Apache | Airflow | Nov 21, 2024 | Sep 9, 2021 | N/A | 9.8 CRITICAL | 7.5 HIGH | The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3. |
| Apple | Ipados, Iphone Os, Mac Os X, +3 more | Nov 21, 2024 | Sep 8, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. |
| Apple | Macos | Nov 21, 2024 | Sep 8, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. |
| Apple | Ipados, Iphone Os, Mac Os X, +3 more | Nov 21, 2024 | Sep 8, 2021 | N/A | 8.8 HIGH | 9.3 HIGH | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. |
| Apple | Mac Os X, Macos | Nov 21, 2024 | Sep 8, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. |
| Apple | Ipados, Iphone Os, Tvos | Nov 21, 2024 | Sep 8, 2021 | N/A | 5.5 MEDIUM | 2.1 LOW | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. |
| Apple | Ipados, Iphone Os, Mac Os X, +3 more | Nov 21, 2024 | Sep 8, 2021 | N/A | 7.8 HIGH | 9.3 HIGH | A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. |