CWE-269: Improper Privilege Management
4,218 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-269 (page 22 of 85)
- CVE-2020-1388 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1392, CVE-2020-1394, CVE-2020-1395.
- CVE-2020-1390 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…
- CVE-2020-13912 | HIGH | CVSS 7.3 | EG 7.3 | 2020-06-07
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
- CVE-2020-1392 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1394…
- CVE-2020-1393 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privile…
- CVE-2020-1394 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-20…
- CVE-2020-1395 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020…
- CVE-2020-1396 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the …
- CVE-2020-1398 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-07-14
An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security up…
- CVE-2020-1399 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-137…
- CVE-2020-1402 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX In…
- CVE-2020-14032 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-07-23
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.
- CVE-2020-1404 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-137…
- CVE-2020-1405 | HIGH | CVSS 7.1 | EG 7.1 | 2020-07-14
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is un…
- CVE-2020-1406 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.
- CVE-2020-14100 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-09-11
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
- CVE-2020-1411 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1336.
- CVE-2020-1412 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-14
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.
- CVE-2020-1413 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-137…
- CVE-2020-1414 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-137…
- CVE-2020-1415 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-137…
- CVE-2020-1416 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-14
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
- CVE-2020-14162 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-30
An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this …
- CVE-2020-1417 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-08-17
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then in…
- CVE-2020-14194 | MEDIUM | CVSS 5.4 | EG 5.4 | 2020-08-21
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
- CVE-2020-14215 | HIGH | CVSS 7.5 | EG 7.5 | 2020-08-21
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
- CVE-2020-1422 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-137…
- CVE-2020-1423 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.
- CVE-2020-1424 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'.
- CVE-2020-1427 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…
- CVE-2020-1428 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…
- CVE-2020-1429 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.
- CVE-2020-1430 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host El…
- CVE-2020-1431 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to…
- CVE-2020-14318 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-12-03
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
- CVE-2020-1434 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'.
- CVE-2020-1437 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.
- CVE-2020-1438 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…
- CVE-2020-14460 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-06-19
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
- CVE-2020-14493 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-29
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
- CVE-2020-1461 | HIGH | CVSS 7.1 | EG 7.1 | 2020-07-14
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elev…
- CVE-2020-1463 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'.
- CVE-2020-1465 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-14
An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft OneDrive Elevation of …
- CVE-2020-1467 | CRITICAL | CVSS 10.0 | EG 10.0 | 2020-08-17
An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerabili…
- CVE-2020-1470 | HIGH | CVSS 7.8 | EG 7.8 | 2020-08-17
An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run …
- CVE-2020-1471 | HIGH | CVSS 7.3 | EG 7.3 | 2020-09-11
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. T…
- CVE-2020-1472 | MEDIUM | CVSS 5.5 | EG 10.0 | ⚠ KEV | 2020-08-17
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vu…
- CVE-2020-1475 | HIGH | CVSS 7.8 | EG 7.8 | 2020-08-17
An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a…
- CVE-2020-1476 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-08-17
An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. T…
- CVE-2020-1479 | HIGH | CVSS 7.8 | EG 7.8 | 2020-08-17
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; v…