Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-34147 Improper Privilege Management vulnerability in Trendmicro Apex ONE
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.
local
low complexity
trendmicro CWE-269
7.8
2023-06-26 CVE-2023-34148 Improper Privilege Management vulnerability in Trendmicro Apex ONE
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.
local
low complexity
trendmicro CWE-269
7.8
2023-06-16 CVE-2023-25185 Improper Privilege Management vulnerability in Nokia Asika Airscale Firmware
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B.
local
low complexity
nokia CWE-269
7.8
2023-06-16 CVE-2023-25188 Improper Privilege Management vulnerability in Nokia Asika Airscale Firmware
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B.
local
low complexity
nokia CWE-269
7.8
2023-06-15 CVE-2023-2847 Improper Privilege Management vulnerability in Eset Cyber Security, Endpoint Antivirus and Server Security
During internal security analysis, a local privilege escalation vulnerability has been identified.
local
low complexity
eset CWE-269
7.8
2023-06-14 CVE-2023-26062 Improper Privilege Management vulnerability in Nokia web Element Manager 21B
A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions.
local
low complexity
nokia CWE-269
7.8
2023-06-07 CVE-2019-25151 Improper Privilege Management vulnerability in Cartflows
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0.
network
low complexity
cartflows CWE-269
4.3
2023-06-06 CVE-2023-2833 Improper Privilege Management vulnerability in Wpdeveloper Reviewx
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function.
network
low complexity
wpdeveloper CWE-269
8.8
2023-06-01 CVE-2023-32713 Improper Privilege Management vulnerability in Splunk APP for Stream
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.
network
low complexity
splunk CWE-269
critical
9.9
2023-05-30 CVE-2023-29734 Improper Privilege Management vulnerability in MWM Edjing MIX 7.09.01
An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.
network
low complexity
mwm CWE-269
critical
9.8