CWE-269
2,755 CVEs • Abstraction: Class • Likelihood of Exploit: Medium
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVEs (2,755)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | Webtoffee (1) | Import Export Wordpress Users (1) | Nov 21, 2024 | Apr 23, 2020 | v4: N/A · v3: 8.8 HIGH · v2: 6.5 MEDIUM | The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. |
| | Netgear (1) | Wac505 Firmware, Wac510 Firmware (2) | Nov 21, 2024 | Apr 22, 2020 | v4: N/A · v3: 8.8 HIGH · v2: 5.8 MEDIUM | NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation. |
| | | | | | | Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to... |
| | Netgear (1) | M4200 Firmware, M4300 12x12f Firmware, M4300 24x24f Firmware, +7 more (10) | Nov 21, 2024 | Apr 20, 2020 | v4: N/A · v3: 7.8 HIGH · v2: 4.6 MEDIUM | Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F bef... |
| | Netgear (1) | M4200 Firmware, M4300 12x12f Firmware, M4300 24x24f Firmware, +7 more (10) | Nov 21, 2024 | Apr 20, 2020 | v4: N/A · v3: 7.8 HIGH · v2: 4.6 MEDIUM | Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F bef... |
| | Netgear (1) | M4200 Firmware, M4300 12x12f Firmware, M4300 24x24f Firmware, +7 more (10) | Nov 21, 2024 | Apr 20, 2020 | v4: N/A · v3: 7.8 HIGH · v2: 4.6 MEDIUM | Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F bef... |
| | Netgear (1) | M4200 Firmware, M4300 12x12f Firmware, M4300 24x24f Firmware, +7 more (10) | Nov 21, 2024 | Apr 20, 2020 | v4: N/A · v3: 7.8 HIGH · v2: 4.6 MEDIUM | Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F bef... |
| | Netgear (1) | M4200 Firmware, M4300 12x12f Firmware, M4300 24x24f Firmware, +7 more (10) | Nov 21, 2024 | Apr 20, 2020 | v4: N/A · v3: 7.8 HIGH · v2: 4.6 MEDIUM | Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F bef... |
| | Netgear (1) | M4200 Firmware, M4300 12x12f Firmware, M4300 24x24f Firmware, +7 more (10) | Nov 21, 2024 | Apr 20, 2020 | v4: N/A · v3: 7.8 HIGH · v2: 4.6 MEDIUM | Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.... |
| | Cisco (1) | Ucs Director, Ucs Director Express For Big Data (2) | Nov 21, 2024 | Apr 15, 2020 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device... |
| | Cisco (1) | Ucs Director, Ucs Director Express For Big Data (2) | Nov 21, 2024 | Apr 15, 2020 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device... |
| | | | | | | Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that othe... |
| | | | | | | An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID a... |
| | | | | | | A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to th... |
| | Microsoft (1) | Windows 10, Windows 7, Windows 8.1, +5 more (8) | Nov 21, 2024 | Apr 15, 2020 | v4: N/A · v3: 7.8 HIGH · v2: 7.2 HIGH | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. |
| | | | | | | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. |
| | | | | | | Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checki... |
| | | | | | | Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system adm... |
| | | | | | | Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or re... |
| | | | | | | Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file |