CWE-269: Improper Privilege Management
4,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-269 (page 47 of 85)
- CVE-2021-4106 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-16
A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0
- CVE-2021-41073 | HIGH | CVSS 7.8 | EG 7.8 | 2021-09-19
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
- CVE-2021-41285 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-04
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with p…
- CVE-2021-41322 | HIGH | CVSS 8.8 | EG 8.8 | 2021-10-04
Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.
- CVE-2021-41333 | HIGH | CVSS 7.8 | EG 7.8 | 2021-12-15
Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2021-41334 | HIGH | CVSS 7.0 | EG 7.0 | 2021-10-13
Windows Desktop Bridge Elevation of Privilege Vulnerability
- CVE-2021-41335 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-13
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-41339 | MEDIUM | CVSS 4.7 | EG 4.7 | 2021-10-13
Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2021-41345 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-13
Storage Spaces Controller Elevation of Privilege Vulnerability
- CVE-2021-41347 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-13
Windows AppX Deployment Service Elevation of Privilege Vulnerability
- CVE-2021-41348 | HIGH | CVSS 8.0 | EG 8.0 | 2021-10-13
Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2021-41357 | HIGH | CVSS 7.8 | EG 9.0 | ⚠ KEV | 2021-10-13
Win32k Elevation of Privilege Vulnerability
- CVE-2021-41366 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-10
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
- CVE-2021-41367 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-10
NTFS Elevation of Privilege Vulnerability
- CVE-2021-41370 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-10
NTFS Elevation of Privilege Vulnerability
- CVE-2021-41377 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-10
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
- CVE-2021-41379 | MEDIUM | CVSS 5.5 | EG 9.0 | ⚠ KEV | 2021-11-10
Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-41387 | HIGH | CVSS 8.8 | EG 8.8 | 2021-09-17
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
- CVE-2021-41388 | HIGH | CVSS 7.8 | EG 7.8 | 2022-01-04
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low…
- CVE-2021-41504 | HIGH | CVSS 8.0 | EG 8.0 | 2021-09-24
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configurati…
- CVE-2021-41869 | HIGH | CVSS 8.8 | EG 8.8 | 2021-10-04
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.
- CVE-2021-4200 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-05-02
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior …
- CVE-2021-42029 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-12
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve …
- CVE-2021-42082 | HIGH | CVSS 7.8 | EG 7.1 | 2023-07-10
Local users are able to execute scripts under root privileges. POC On the local host run the following command: curl 'localhost:8154/qstor/qs_upgrade.py?taskId=1&a=;`whoami`'
- CVE-2021-42086 | HIGH | CVSS 8.8 | EG 8.8 | 2021-10-07
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
- CVE-2021-4210 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-04-22
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2021-42104 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-21
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installat…
- CVE-2021-42105 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-21
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installat…
- CVE-2021-42106 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-21
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installat…
- CVE-2021-42107 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-21
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installat…
- CVE-2021-42108 | HIGH | CVSS 7.8 | EG 7.8 | 2021-10-21
Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: a…
- CVE-2021-42109 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-10-08
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
- CVE-2021-42128 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-12-07
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.
- CVE-2021-42135 | HIGH | CVSS 8.1 | EG 8.1 | 2021-10-11
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user …
- CVE-2021-42137 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-10-11
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
- CVE-2021-42277 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-10
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
- CVE-2021-42278 | HIGH | CVSS 7.5 | EG 9.0 | ⚠ KEV | 2021-11-10
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2021-42280 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-10
Windows Feedback Hub Elevation of Privilege Vulnerability
- CVE-2021-42282 | HIGH | CVSS 7.5 | EG 8.8 | 2021-11-10
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2021-42283 | HIGH | CVSS 8.8 | EG 7.8 | 2021-11-10
NTFS Elevation of Privilege Vulnerability
- CVE-2021-42285 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-10
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-42286 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-10
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
- CVE-2021-42287 | HIGH | CVSS 7.5 | EG 9.0 | ⚠ KEV | 2021-11-10
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2021-42291 | HIGH | CVSS 7.5 | EG 8.8 | 2021-11-10
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2021-42302 | MEDIUM | CVSS 6.6 | EG 6.6 | 2021-11-10
Azure RTOS Elevation of Privilege Vulnerability
- CVE-2021-42303 | MEDIUM | CVSS 6.6 | EG 6.6 | 2021-11-10
Azure RTOS Elevation of Privilege Vulnerability
- CVE-2021-42304 | MEDIUM | CVSS 6.6 | EG 6.6 | 2021-11-10
Azure RTOS Elevation of Privilege Vulnerability
- CVE-2021-42312 | HIGH | CVSS 7.8 | EG 7.8 | 2021-12-15
Microsoft Defender for IoT Elevation of Privilege Vulnerability
- CVE-2021-42319 | MEDIUM | CVSS 4.7 | EG 4.7 | 2021-11-10
Visual Studio Elevation of Privilege Vulnerability
- CVE-2021-42322 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-10
Visual Studio Code Elevation of Privilege Vulnerability