CWE-269— Improper Privilege Management
4,218 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-269page 21 of 85
- CVE-2020-13514HIGHCVSS 8.8EG 8.82020-12-18
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a …
- CVE-2020-13515HIGHCVSS 8.8EG 8.82020-12-18
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a…
- CVE-2020-13516MEDIUMCVSS 6.5EG 5.52020-12-18
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a…
- CVE-2020-13517MEDIUMCVSS 5.5EG 5.52020-12-18
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a…
- CVE-2020-13518MEDIUMCVSS 6.5EG 5.52020-12-18
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a…
- CVE-2020-13519HIGHCVSS 8.8EG 8.82020-12-18
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trig…
- CVE-2020-1352HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elev…
- CVE-2020-13522HIGHCVSS 7.1EG 7.12020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send …
- CVE-2020-1353HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-139…
- CVE-2020-13534HIGHCVSS 7.8EG 7.82021-04-09
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation wh…
- CVE-2020-13536HIGHCVSS 7.8EG 7.82020-11-05
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By defa…
- CVE-2020-13537HIGHCVSS 7.8EG 7.82020-11-05
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By defau…
- CVE-2020-13539HIGHCVSS 7.8EG 7.82021-01-05
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can ove…
- CVE-2020-1354HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host El…
- CVE-2020-13540HIGHCVSS 7.8EG 7.82021-01-05
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite…
- CVE-2020-13541HIGHCVSS 8.8EG 8.82021-01-05
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbi…
- CVE-2020-13549HIGHCVSS 7.8EG 7.82021-02-19
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitra…
- CVE-2020-13551HIGHCVSS 8.8EG 8.82021-02-17
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loade…
- CVE-2020-13552HIGHCVSS 8.8EG 8.82021-02-17
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an …
- CVE-2020-13553HIGHCVSS 8.8EG 8.82021-02-17
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can eit…
- CVE-2020-13554HIGHCVSS 7.8EG 7.82021-03-03
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can eit…
- CVE-2020-13555HIGHCVSS 8.8EG 8.82021-02-17
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded m…
- CVE-2020-1356HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'.
- CVE-2020-1357HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'.
- CVE-2020-1359HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID i…
- CVE-2020-1360HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'.
- CVE-2020-1362HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369.
- CVE-2020-1363HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Picker Platform Elev…
- CVE-2020-13638CRITICALCVSS 9.8EG 9.82020-11-13
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
- CVE-2020-1365HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging …
- CVE-2020-13657MEDIUMCVSS 5.5EG 5.52020-06-29
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.
- CVE-2020-1366HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'.
- CVE-2020-1368HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'.
- CVE-2020-1369HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1362.
- CVE-2020-13695HIGHCVSS 7.2EG 7.22020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /ro…
- CVE-2020-1370HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-139…
- CVE-2020-1371HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging …
- CVE-2020-1372HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE …
- CVE-2020-1373HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…
- CVE-2020-1375HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.
- CVE-2020-1376HIGHCVSS 7.8EG 7.82020-09-11
<p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerabil…
- CVE-2020-1377HIGHCVSS 7.8EG 7.82020-08-17
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A local…
- CVE-2020-13776MEDIUMCVSS 6.7EG 6.72020-06-03
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exi…
- CVE-2020-1378HIGHCVSS 7.5EG 7.82020-08-17
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A local…
- CVE-2020-1382HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1381.
- CVE-2020-1384HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID i…
- CVE-2020-13841CRITICALCVSS 9.8EG 9.82020-06-05
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).
- CVE-2020-1385HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'.
- CVE-2020-13854CRITICALCVSS 9.8EG 9.82020-06-11
Artica Pandora FMS 7.44 allows privilege escalation.
- CVE-2020-1387HIGHCVSS 7.8EG 7.82020-07-14
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.
Map vulnerabilities like CWE-269 to your infrastructure
EchelonGraph correlates every CVE — across CWE-269 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →