CWE-269: Improper Privilege Management
4,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-269 (page 53 of 85)
- CVE-2022-24077 | HIGH | CVSS 7.8 | EG 7.8 | 2022-06-13
Naver Cloud Explorer Beta allows an attacker to execute arbitrary code with System privileges via malicious DLL injection.
- CVE-2022-24259 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-02-04
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
- CVE-2022-24305 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-03-02
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
- CVE-2022-24408 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-08
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify s…
- CVE-2022-24454 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-09
Windows Security Support Provider Interface Elevation of Privilege Vulnerability
- CVE-2022-24455 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-09
Windows CD-ROM Driver Elevation of Privilege Vulnerability
- CVE-2022-24459 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-09
Windows Fax and Scan Service Elevation of Privilege Vulnerability
- CVE-2022-24460 | HIGH | CVSS 7.0 | EG 7.0 | 2022-03-09
Tablet Windows User Interface Application Elevation of Privilege Vulnerability
- CVE-2022-24469 | HIGH | CVSS 8.1 | EG 8.8 | 2022-03-09
Azure Site Recovery Elevation of Privilege Vulnerability
- CVE-2022-24474 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2022-24475 | HIGH | CVSS 8.3 | EG 8.3 | 2022-04-05
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2022-24479 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
- CVE-2022-24481 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2022-24489 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
- CVE-2022-24515 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-03-09
Azure Site Recovery Elevation of Privilege Vulnerability
- CVE-2022-24518 | MEDIUM | CVSS 6.5 | EG 4.9 | 2022-03-09
Azure Site Recovery Elevation of Privilege Vulnerability
- CVE-2022-24519 | MEDIUM | CVSS 6.5 | EG 4.9 | 2022-03-09
Azure Site Recovery Elevation of Privilege Vulnerability
- CVE-2022-24527 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability
- CVE-2022-24530 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Windows Installer Elevation of Privilege Vulnerability
- CVE-2022-24550 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Windows Telephony Server Elevation of Privilege Vulnerability
- CVE-2022-24637 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-03-18
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (i…
- CVE-2022-24750 | HIGH | CVSS 8.8 | EG 8.8 | 2022-03-10
UltraVNC is a free and open source remote PC access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) o…
- CVE-2022-24783 | CRITICAL | CVSS 10.0 | EG 10.0 | 2022-03-25
Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permis…
- CVE-2022-24812 | HIGH | CVSS 8.0 | EG 8.0 | 2022-04-12
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given o…
- CVE-2022-24842 | HIGH | CVSS 8.8 | EG 8.8 | 2022-04-12
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assum…
- CVE-2022-24927 | MEDIUM | CVSS 4.2 | EG 4.2 | 2022-02-11
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission.
- CVE-2022-24931 | HIGH | CVSS 7.9 | EG 7.8 | 2022-03-10
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission.
- CVE-2022-2498 | MEDIUM | CVSS 6.4 | EG 7.5 | 2022-08-05
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of…
- CVE-2022-25089 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-03-03
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.
- CVE-2022-25150 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-14
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.
- CVE-2022-25311 | HIGH | CVSS 7.3 | EG 7.2 | 2022-03-08
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web…
- CVE-2022-25372 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-20
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
- CVE-2022-25623 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-04
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.
- CVE-2022-25631 | HIGH | CVSS 7.8 | EG 7.8 | 2023-01-20
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
- CVE-2022-25636 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-24
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
- CVE-2022-25643 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-02-24
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
- CVE-2022-2568 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-08-18
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser pri…
- CVE-2022-25782 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-05-04
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
- CVE-2022-25966 | HIGH | CVSS 7.8 | EG 7.8 | 2022-08-18
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-26057 | MEDIUM | CVSS 6.7 | EG 7.8 | 2022-06-15
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file …
- CVE-2022-26113 | HIGH | CVSS 7.7 | EG 7.1 | 2022-07-19
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the…
- CVE-2022-26118 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-07-18
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root…
- CVE-2022-26251 | HIGH | CVSS 7.2 | EG 7.2 | 2022-04-06
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
- CVE-2022-2637 | MEDIUM | CVSS 5.4 | EG 8.8 | 2022-10-06
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 b…
- CVE-2022-26668 | HIGH | CVSS 7.3 | EG 7.3 | 2022-06-20
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disruption of service.
- CVE-2022-26676 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-04-07
aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.
- CVE-2022-26691 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-05-26
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
- CVE-2022-26774 | HIGH | CVSS 7.8 | EG 7.8 | 2022-05-26
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
- CVE-2022-26786 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-26787 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-15
Windows Print Spooler Elevation of Privilege Vulnerability