Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2021-36302 Improper Privilege Management vulnerability in Dell EMC Integrated System for Microsoft Azure Stack HUB Firmware
All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability.
network
low complexity
dell CWE-269
critical
9.9
2022-02-09 CVE-2021-37852 Improper Privilege Management vulnerability in Eset products
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
local
low complexity
eset CWE-269
7.8
2022-02-02 CVE-2022-22509 Improper Privilege Management vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.
network
low complexity
phoenixcontact CWE-269
8.8
2022-01-24 CVE-2021-45222 Improper Privilege Management vulnerability in Coins-Global Coins Construction Cloud 11.12
An issue was discovered in COINS Construction Cloud 11.12.
network
low complexity
coins-global CWE-269
8.8
2022-01-18 CVE-2022-0090 Improper Privilege Management vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-269
6.5
2022-01-13 CVE-2021-34998 Improper Privilege Management vulnerability in Watchguard Panda Antivirus 18.0
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0.
local
low complexity
watchguard CWE-269
7.8
2022-01-12 CVE-2021-42562 Improper Privilege Management vulnerability in Mitre Caldera
An issue was discovered in CALDERA 2.8.1.
network
low complexity
mitre CWE-269
8.1
2022-01-10 CVE-2022-22263 Improper Privilege Management vulnerability in Google Android 11.0
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
local
low complexity
google CWE-269
5.5
2022-01-10 CVE-2022-22266 Improper Privilege Management vulnerability in Google Android 10.0/11.0/9.0
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
local
low complexity
google CWE-269
3.3
2022-01-10 CVE-2021-45440 Improper Privilege Management vulnerability in Trendmicro products
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-269
7.8