Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37726 - - Nov 21, 2024 Jul 3, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe
CVE-2024-39206 - - Nov 21, 2024 Jul 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key.
CVE-2024-26314 2Jungo Mitsubishielectric 35Cpu Module Logging Configuration Tool Cw ConfiguratorData Transfer+32 more Mar 21, 2025 Jul 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.
CVE-2024-25088 2Jungo Mitsubishielectric 35Cpu Module Logging Configuration Tool Cw ConfiguratorData Transfer+32 more Nov 21, 2024 Jul 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.
CVE-2024-25086 2Jungo Mitsubishielectric 35Cpu Module Logging Configuration Tool Cw ConfiguratorData Transfer+32 more Nov 21, 2024 Jul 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
CVE-2024-22106 2Jungo Mitsubishielectric 35Cpu Module Logging Configuration Tool Cw ConfiguratorData Transfer+32 more Nov 21, 2024 Jul 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS).
CVE-2023-51776 2Jungo Mitsubishielectric 35Cpu Module Logging Configuration Tool Cw ConfiguratorData Transfer+32 more Mar 13, 2025 Jul 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.
CVE-2024-37133 1Dell 1Powerscale Onefs Feb 20, 2026 Jul 2, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain o...Show more Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.Show less
CVE-2024-37126 1Dell 1Powerscale Onefs Feb 20, 2026 Jul 2, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain o...Show more Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.Show less
CVE-2024-32854 1Dell 1Powerscale Onefs Feb 20, 2026 Jul 2, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation...Show more Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation.Show less
CVE-2024-39302 - - Nov 21, 2024 Jun 28, 2024 N/A· v4 3.7 LOW· v3 N/A· v2 BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/b...Show more BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7. Show less
CVE-2024-4395 - - Nov 21, 2024 Jun 27, 2024 7.3 HIGH· v4 7.8 HIGH· v3 N/A· v2 The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.
CVE-2024-5009 1Progress 1Whatsup Gold Nov 21, 2024 Jun 25, 2024 N/A· v4 8.4 HIGH· v3 N/A· v2 In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
CVE-2024-37107 1Wishlistmember 1Wishlist Member X Nov 21, 2024 Jun 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7.
CVE-2020-27352 1Canonical 2Snapd Ubuntu Linux Aug 26, 2025 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snap...Show more When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.Show less
CVE-2024-6240 1Parallels 1Parallels Desktop Nov 21, 2024 Jun 21, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with...Show more Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system.Show less
CVE-2024-2003 - - Nov 21, 2024 Jun 21, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.
CVE-2024-4390 1Depicter 1Depicter Apr 8, 2026 Jun 20, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor...Show more The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks.Show less
CVE-2023-37058 1Unionman 1Jlink Ax1800 Firmware Mar 18, 2025 Jun 17, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
CVE-2024-33374 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.

Previous 1...404142...139 Next