CWE-269: Improper Privilege Management
4,225 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-269 (page 39 of 85)
- CVE-2021-26860 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows App-V Overlay Filter Elevation of Privilege Vulnerability
- CVE-2021-26862 | HIGH | CVSS 7.0 | EG 7.8 | 2021-03-11
Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-26863 | HIGH | CVSS 7.0 | EG 7.0 | 2021-03-11
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2021-26864 | HIGH | CVSS 8.4 | EG 7.8 | 2021-03-11
Windows Virtual Registry Provider Elevation of Privilege Vulnerability
- CVE-2021-26865 | HIGH | CVSS 8.8 | EG 7.8 | 2021-03-11
Windows Container Execution Agent Elevation of Privilege Vulnerability
- CVE-2021-26866 | HIGH | CVSS 7.1 | EG 6.1 | 2021-03-11
Windows Update Service Elevation of Privilege Vulnerability
- CVE-2021-26868 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2021-26870 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Projected File System Elevation of Privilege Vulnerability
- CVE-2021-26871 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows WalletService Elevation of Privilege Vulnerability
- CVE-2021-26872 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Event Tracing Elevation of Privilege Vulnerability
- CVE-2021-26873 | HIGH | CVSS 7.0 | EG 7.8 | 2021-03-11
Windows User Profile Service Elevation of Privilege Vulnerability
- CVE-2021-26874 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Overlay Filter Elevation of Privilege Vulnerability
- CVE-2021-26875 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2021-26878 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2021-26880 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Storage Spaces Controller Elevation of Privilege Vulnerability
- CVE-2021-26882 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Remote Access API Elevation of Privilege Vulnerability
- CVE-2021-26885 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows WalletService Elevation of Privilege Vulnerability
- CVE-2021-26887 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploite…
- CVE-2021-26889 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Update Stack Elevation of Privilege Vulnerability
- CVE-2021-26891 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Container Execution Agent Elevation of Privilege Vulnerability
- CVE-2021-26898 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Event Tracing Elevation of Privilege Vulnerability
- CVE-2021-26899 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows UPnP Device Host Elevation of Privilege Vulnerability
- CVE-2021-26900 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2021-26901 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Event Tracing Elevation of Privilege Vulnerability
- CVE-2021-26909 | LOW | CVSS 3.7 | EG 5.3 | 2021-04-23
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in …
- CVE-2021-26936 | HIGH | CVSS 7.8 | EG 7.8 | 2021-02-10
The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.
- CVE-2021-27006 | MEDIUM | CVSS 4.4 | EG 4.4 | 2021-12-23
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.
- CVE-2021-27064 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-13
Visual Studio Installer Elevation of Privilege Vulnerability
- CVE-2021-27070 | HIGH | CVSS 7.3 | EG 7.8 | 2021-03-11
Windows 10 Update Assistant Elevation of Privilege Vulnerability
- CVE-2021-27072 | HIGH | CVSS 7.0 | EG 7.8 | 2021-04-13
Win32k Elevation of Privilege Vulnerability
- CVE-2021-27077 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-11
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2021-27086 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-13
Windows Services and Controller App Elevation of Privilege Vulnerability
- CVE-2021-27088 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-13
Windows Event Tracing Elevation of Privilege Vulnerability
- CVE-2021-27090 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-13
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
- CVE-2021-27091 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-13
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
- CVE-2021-27096 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-13
NTFS Elevation of Privilege Vulnerability
- CVE-2021-27192 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-25
Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients.
- CVE-2021-27216 | MEDIUM | CVSS 6.3 | EG 6.3 | 2021-05-06
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
- CVE-2021-27379 | HIGH | CVSS 7.8 | EG 7.8 | 2021-02-18
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport mis…
- CVE-2021-27394 | HIGH | CVSS 8.8 | EG 8.8 | 2021-04-16
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix A…
- CVE-2021-27445 | HIGH | CVSS 7.8 | EG 7.8 | 2021-12-21
Mesa Labs AmegaView versions 3.0 and prior have insecure file permissions that could be exploited to escalate privileges on the device.
- CVE-2021-27448 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-25
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
- CVE-2021-27454 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-25
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).
- CVE-2021-27483 | HIGH | CVSS 7.8 | EG 7.8 | 2021-06-16
ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
- CVE-2021-27522 | HIGH | CVSS 8.8 | EG 8.8 | 2021-04-08
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtai…
- CVE-2021-27579 | HIGH | CVSS 7.8 | EG 7.8 | 2021-02-23
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it shoul…
- CVE-2021-27657 | HIGH | CVSS 8.8 | EG 8.8 | 2021-06-04
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to …
- CVE-2021-27661 | HIGH | CVSS 8.8 | EG 8.8 | 2021-07-01
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller's file system, allowing them to access or modify …
- CVE-2021-27664 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-10-11
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
- CVE-2021-27765 | MEDIUM | CVSS 6.7 | EG 7.8 | 2022-05-06
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an Install…