CWE-269

2,777 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.


CVEs (2,777)

| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| Microsoft (1) | Windows 10, Windows Server 2016, Windows Server 2019 (3) | Nov 21, 2024 | Mar 11, 2021 | N/A | 7.8 HIGH | 7.2 HIGH | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft (1) | Windows 10, Windows Server 2016, Windows Server 2019 (3) | Nov 21, 2024 | Mar 11, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | DirectX Elevation of Privilege Vulnerability |
| Microsoft (1) | Windows 10, Windows Server 2016 (2) | Nov 21, 2024 | Mar 11, 2021 | N/A | 7.8 HIGH | 9.3 HIGH | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft (1) | Windows 10, Windows Server 2016, Windows Server 2019 (3) | Nov 21, 2024 | Mar 11, 2021 | N/A | 7.8 HIGH | 7.2 HIGH | Windows Update Stack Setup Elevation of Privilege Vulnerability |
| Microsoft (1) | Windows 10, Windows 7, Windows 8.1, +5 more (8) | Nov 21, 2024 | Mar 11, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Print Spooler Elevation of Privilege Vulnerability |
| Samsung (1) | Android (1) | Oct 30, 2025 | Mar 4, 2021 | N/A | 7.1 HIGH | 5.8 MEDIUM | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. |
| Google (1) | Android (1) | Nov 21, 2024 | Mar 4, 2021 | N/A | 3.3 LOW | 4.3 MEDIUM | Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. |
| Mbconnectline (1) | Mbconnect24, Mymbconnect24 (2) | Nov 21, 2024 | Mar 2, 2021 | N/A | 7.7 HIGH | 4.0 MEDIUM | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to. |
| Helmholz, Mbconnectline (2) | Mbconnect24, Mymbconnect24, Myrex24, +1 more (4) | Nov 21, 2024 | Mar 2, 2021 | N/A | 6.5 MEDIUM | 6.8 MEDIUM | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions. |
| Microsoft (1) | Windows 10, Windows 7, Windows 8.1, +5 more (8) | Nov 21, 2024 | Feb 25, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Event Tracing Elevation of Privilege Vulnerability |
| Microsoft (1) | Windows 10, Windows Server 2016, Windows Server 2019 (3) | Nov 21, 2024 | Feb 25, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft (1) | Endpoint Protection, Security Essentials, System Center Endpoint Protection, +1 more (4) | Nov 21, 2024 | Feb 25, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Microsoft Defender Elevation of Privilege Vulnerability |
| Azure Iot Cli Extension (1) | (1) | Nov 21, 2024 | Feb 25, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Azure IoT CLI extension Elevation of Privilege Vulnerability |
| Microsoft (1) | Psexec (1) | Nov 21, 2024 | Feb 25, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Sysinternals PsExec Elevation of Privilege Vulnerability |
| Microsoft (1) | System Center Operations Manager (1) | Nov 21, 2024 | Feb 25, 2021 | N/A | 8.8 HIGH | 6.5 MEDIUM | System Center Operations Manager Elevation of Privilege Vulnerability |
| Microsoft (1) | Windows 10, Windows 7, Windows 8.1, +5 more (8) | Nov 21, 2024 | Feb 25, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft (1) | Windows 10, Windows Server 2016, Windows Server 2019 (3) | Nov 21, 2024 | Feb 25, 2021 | N/A | 7.8 HIGH | 4.6 MEDIUM | Windows Win32k Elevation of Privilege Vulnerability |
| Cisco (1) | Aci Multi Site Orchestrator, Application Policy Infrastructure Controller (2) | Nov 21, 2024 | Feb 24, 2021 | N/A | 10.0 CRITICAL | 9.3 HIGH | A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices. |
| Rangerstudio (1) | Directus (1) | Nov 21, 2024 | Feb 23, 2021 | N/A | 8.8 HIGH | 6.5 MEDIUM | In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| Collaboraoffice (1) | Online (1) | Nov 21, 2024 | Feb 23, 2021 | N/A | 7.8 HIGH | 7.2 HIGH | "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. |