Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-25590 Improper Privilege Management vulnerability in Arubanetworks Clearpass Policy Manager
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role.
local
low complexity
arubanetworks CWE-269
7.8
2023-03-16 CVE-2023-21458 Improper Privilege Management vulnerability in Samsung Android 11.0/12.0/13.0
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows an attacker to turn off Do not disturb via an unprotected intent.
local
low complexity
samsung CWE-269
3.3
2023-03-16 CVE-2023-24760 Improper Privilege Management vulnerability in Ofcms Project Ofcms 1.1.4
An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController.
network
low complexity
ofcms-project CWE-269
8.8
2023-03-12 CVE-2022-48365 Improper Privilege Management vulnerability in Ibexa Digital Experience Platform and EZ Platform Kernel
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26.
network
low complexity
ibexa CWE-269
7.2
2023-03-07 CVE-2022-39953 Improper Privilege Management vulnerability in Fortinet Fortinac
An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands.
local
low complexity
fortinet CWE-269
7.8
2023-03-03 CVE-2022-45988 Improper Privilege Management vulnerability in Starsoftcomm Coocare
starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload.
local
low complexity
starsoftcomm CWE-269
7.8
2023-03-02 CVE-2023-26475 Improper Privilege Management vulnerability in Xwiki
XWiki Platform is a generic wiki platform.
network
low complexity
xwiki CWE-269
8.8
2023-03-01 CVE-2022-27677 Improper Privilege Management vulnerability in AMD Ryzen Master 2.2.0.1543
Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user.
local
low complexity
amd CWE-269
7.8
2023-02-16 CVE-2022-38378 Improper Privilege Management vulnerability in Fortinet Fortios and Fortiproxy
An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
local
low complexity
fortinet CWE-269
6.0
2023-02-16 CVE-2023-24483 Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
local
low complexity
citrix CWE-269
7.8