Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-34456 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Nov 21, 2024 Jul 16, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2021-34455 1Microsoft 6Windows 10 Windows 8.1Windows Rt 8.1+3 more Nov 21, 2024 Jul 16, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows File History Service Elevation of Privilege Vulnerability
CVE-2021-32739 2Debian Icinga 2Debian Linux Icinga Nov 3, 2025 Jul 15, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists...Show more Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.Show less
CVE-2021-33505 1Falco 1Falco Nov 21, 2024 Jul 15, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.
CVE-2021-34514 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Nov 21, 2024 Jul 14, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-34511 1Microsoft 6Windows 10 Windows 7Windows Server 2008+3 more Nov 21, 2024 Jul 14, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Installer Elevation of Privilege Vulnerability
CVE-2021-34493 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Jul 14, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2021-34488 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Jul 14, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Console Driver Elevation of Privilege Vulnerability
CVE-2021-34477 1Microsoft 2.net Education Bundle Sdk Install Tool .net Install Tool For Extension Authors Nov 21, 2024 Jul 14, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability
CVE-2021-33751 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Jul 14, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-31961 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Jul 14, 2021 N/A· v4 6.1 MEDIUM· v3 3.6 LOW· v2 Windows InstallService Elevation of Privilege Vulnerability
CVE-2021-29792 1Ibm 1Event Streams Nov 21, 2024 Jul 12, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.
CVE-2021-35064 1Kramerav 1Viaware Nov 21, 2024 Jul 12, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
CVE-2021-25442 1Samsung 1Knox Cloud Services Nov 21, 2024 Jul 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
CVE-2021-25429 1Google 1Android Nov 21, 2024 Jul 8, 2021 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
CVE-2021-25428 1Google 1Android Nov 21, 2024 Jul 8, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
CVE-2021-21786 1Iobit 1Advanced Systemcare Ultimate Nov 21, 2024 Jul 7, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker ca...Show more A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.Show less
CVE-2021-34622 1Properfraction 1Profilepress Nov 21, 2024 Jul 7, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administ...Show more A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. .Show less
CVE-2021-34621 1Properfraction 1Profilepress Nov 21, 2024 Jul 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue...Show more A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .Show less
CVE-2021-27661 1Johnsoncontrols 1F4 Snc Firmware Nov 21, 2024 Jul 1, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to...Show more Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.Show less

Previous 1...949596...139 Next