Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2024-29975 ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.
local
low complexity
CWE-269
6.7
2024-06-04 CVE-2024-29976 ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.
network
low complexity
CWE-269
6.5
2024-04-09 CVE-2024-29052 Improper Privilege Management vulnerability in Microsoft products
Windows Storage Elevation of Privilege Vulnerability
local
low complexity
microsoft CWE-269
7.8
2024-04-05 CVE-2023-6522 Improper Privilege Management vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3914.
network
low complexity
CWE-269
7.2
2024-03-21 CVE-2023-47715 Improper Privilege Management vulnerability in IBM Storage Protect Plus
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration.
network
low complexity
ibm CWE-269
4.3
2024-02-15 CVE-2023-4993 Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.
network
low complexity
CWE-269
7.5
2024-02-10 CVE-2023-50957 Improper Privilege Management vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage.
network
low complexity
ibm CWE-269
7.2
2024-02-08 CVE-2024-22795 Improper Privilege Management vulnerability in Forescout Secureconnector 11.3.06.0063
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
local
high complexity
forescout CWE-269
7.0
2024-02-08 CVE-2024-23764 Improper Privilege Management vulnerability in Withsecure products
Certain WithSecure products allow Local Privilege Escalation.
local
low complexity
withsecure CWE-269
6.7
2024-02-06 CVE-2024-22237 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
local
low complexity
vmware CWE-269
7.8