Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-44219 Improper Privilege Management vulnerability in Sonicwall Directory Services Connector
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.
local
low complexity
sonicwall CWE-269
7.8
2023-10-27 CVE-2023-34057 Improper Privilege Management vulnerability in VMWare Tools
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
local
low complexity
vmware CWE-269
7.8
2023-10-26 CVE-2023-41966 Improper Privilege Management vulnerability in Sielco products
The application suffers from a privilege escalation vulnerability.
network
low complexity
sielco CWE-269
8.8
2023-10-26 CVE-2023-5622 Improper Privilege Management vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
network
low complexity
tenable CWE-269
8.8
2023-10-17 CVE-2023-41715 Improper Privilege Management vulnerability in Sonicwall Sonicos
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
network
low complexity
sonicwall CWE-269
8.8
2023-10-16 CVE-2023-38280 Improper Privilege Management vulnerability in IBM Hardware Management Console 10.1.1010.0/10.2.1030.0
IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell.
local
low complexity
ibm CWE-269
7.8
2023-10-11 CVE-2023-38817 Improper Privilege Management vulnerability in Echo Anti Cheat Tool
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.
local
low complexity
echo CWE-269
7.8
2023-10-11 CVE-2023-43960 Improper Privilege Management vulnerability in Dlink Dph-400Se Firmware 2.2.15.8
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.
network
low complexity
dlink CWE-269
8.8
2023-10-11 CVE-2023-44105 Improper Privilege Management vulnerability in Huawei Emui and Harmonyos
Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
network
low complexity
huawei CWE-269
critical
9.8
2023-10-06 CVE-2023-5214 Improper Privilege Management vulnerability in Puppet Bolt
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.
network
low complexity
puppet CWE-269
critical
9.8