CWE-269 — Improper Privilege Management
4,220 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-269 (page 26 of 85)
- CVE-2020-17074 (HIGH, CVSS 7.8, EG 7.8, 2020-11-11)
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
- CVE-2020-17075 (HIGH, CVSS 7.8, EG 7.8, 2020-11-11)
Windows USO Core Worker Elevation of Privilege Vulnerability
- CVE-2020-17076 (HIGH, CVSS 7.8, EG 7.8, 2020-11-11)
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
- CVE-2020-17077 (HIGH, CVSS 7.8, EG 7.8, 2020-11-11)
Windows Update Stack Elevation of Privilege Vulnerability
- CVE-2020-1708 (HIGH, CVSS 7.0, EG 7.0, 2020-02-07)
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An at…
- CVE-2020-17087 (HIGH, CVSS 7.8, EG 9.0, ⚠ KEV, 2020-11-11)
Windows Kernel Local Elevation of Privilege Vulnerability
- CVE-2020-17088 (HIGH, CVSS 7.8, EG 7.8, 2020-11-11)
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2020-17089 (HIGH, CVSS 7.1, EG 7.1, 2020-12-10)
Microsoft SharePoint Elevation of Privilege Vulnerability
- CVE-2020-17092 (HIGH, CVSS 7.8, EG 7.8, 2020-12-10)
Windows Network Connections Service Elevation of Privilege Vulnerability
- CVE-2020-17097 (LOW, CVSS 3.3, EG 3.3, 2020-12-10)
Windows Digital Media Receiver Elevation of Privilege Vulnerability
- CVE-2020-17103 (HIGH, CVSS 7.0, EG 7.0, 2020-12-10)
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2020-17134 (HIGH, CVSS 7.8, EG 7.8, 2020-12-10)
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2020-17136 (HIGH, CVSS 7.8, EG 7.8, 2020-12-10)
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2020-17137 (HIGH, CVSS 7.8, EG 7.8, 2020-12-10)
DirectX Graphics Kernel Elevation of Privilege Vulnerability
- CVE-2020-1742 (HIGH, CVSS 7.0, EG 7.0, 2021-06-07)
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before…
- CVE-2020-18169 (HIGH, CVSS 7.8, EG 7.8, 2021-07-26)
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided…
- CVE-2020-1817 (HIGH, CVSS 7.8, EG 7.8, 2020-04-30)
Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability…
- CVE-2020-18170 (CRITICAL, CVSS 9.8, EG 9.8, 2021-07-26)
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions.
- CVE-2020-18171 (HIGH, CVSS 8.8, EG 8.8, 2021-07-26)
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto i…
- CVE-2020-18174 (CRITICAL, CVSS 9.8, EG 9.8, 2021-07-26)
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges.
- CVE-2020-1844 (HIGH, CVSS 7.8, EG 7.8, 2020-02-28)
PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation m…
- CVE-2020-1845 (MEDIUM, CVSS 6.7, EG 6.7, 2020-04-27)
Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause…
- CVE-2020-1885 (HIGH, CVSS 7.8, EG 7.8, 2020-04-08)
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a …
- CVE-2020-19111 (CRITICAL, CVSS 9.8, EG 9.8, 2021-05-06)
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information.
- CVE-2020-19305 (CRITICAL, CVSS 9.8, EG 9.8, 2021-08-03)
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
- CVE-2020-19417 (HIGH, CVSS 8.8, EG 8.8, 2021-03-10)
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
- CVE-2020-1955 (CRITICAL, CVSS 9.8, EG 9.8, 2020-05-20)
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_us…
- CVE-2020-19641 (HIGH, CVSS 8.8, EG 8.8, 2021-03-30)
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'.
- CVE-2020-19778 (CRITICAL, CVSS 9.8, EG 9.8, 2021-04-14)
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.
- CVE-2020-1989 (HIGH, CVSS 7.0, EG 7.0, 2020-04-08)
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This …
- CVE-2020-1991 (HIGH, CVSS 7.8, EG 7.8, 2020-04-08)
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 ver…
- CVE-2020-2022 (HIGH, CVSS 7.5, EG 7.5, 2020-11-12)
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context swi…
- CVE-2020-21046 (HIGH, CVSS 7.8, EG 7.8, 2022-06-24)
A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their …
- CVE-2020-23128 (MEDIUM, CVSS 4.9, EG 4.9, 2021-05-06)
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
- CVE-2020-23362 (HIGH, CVSS 7.1, EG 7.1, 2023-05-09)
Insecure Permissions vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.
- CVE-2020-23426 (CRITICAL, CVSS 9.8, EG 9.8, 2021-04-08)
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
- CVE-2020-23722 (HIGH, CVSS 8.8, EG 8.8, 2021-03-10)
An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
- CVE-2020-23735 (HIGH, CVSS 7.8, EG 7.8, 2020-12-03)
In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges.
- CVE-2020-23740 (HIGH, CVSS 7.8, EG 7.8, 2020-12-03)
In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard; attackers can use constructed programs to increase user privileges.
- CVE-2020-24045 (HIGH, CVSS 7.2, EG 7.2, 2020-09-17)
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by present…
- CVE-2020-24046 (HIGH, CVSS 7.2, EG 7.2, 2020-09-17)
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after cha…
- CVE-2020-24307 (HIGH, CVSS 7.8, EG 7.8, 2023-02-02)
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.
- CVE-2020-24330 (HIGH, CVSS 7.8, EG 7.8, 2020-08-13)
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
- CVE-2020-24331 (HIGH, CVSS 7.8, EG 7.8, 2020-08-13)
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
- CVE-2020-24367 (HIGH, CVSS 7.8, EG 7.8, 2020-11-10)
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.
- CVE-2020-24515 (MEDIUM, CVSS 6.8, EG 6.8, 2021-06-09)
Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
- CVE-2020-24556 (HIGH, CVSS 7.8, EG 7.8, 2020-09-01)
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which the…
- CVE-2020-24557 (HIGH, CVSS 7.8, EG 9.0, ⚠ KEV, 2020-09-01)
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function a…
- CVE-2020-24559 (HIGH, CVSS 7.8, EG 7.8, 2020-09-01)
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, wh…
- CVE-2020-24562 (HIGH, CVSS 7.8, EG 7.8, 2020-09-29)
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker mus…