Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-09-01 CVE-2023-4697 Improper Privilege Management vulnerability in Usememos Memos
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
network
low complexity
usememos CWE-269
8.8
2023-08-31 CVE-2023-31175 Improper Privilege Management vulnerability in Selinc Sel-5037 SEL Grid Configurator
An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
network
low complexity
selinc CWE-269
critical
9.8
2023-08-31 CVE-2023-41743 Improper Privilege Management vulnerability in Acronis Agent, Cyber Protect and Cyber Protect Home Office
Local privilege escalation due to insecure driver communication port permissions.
local
low complexity
acronis CWE-269
7.8
2023-08-31 CVE-2022-45451 Improper Privilege Management vulnerability in Acronis Agent, Cyber Protect and Cyber Protect Home Office
Local privilege escalation due to insecure driver communication port permissions.
local
low complexity
acronis CWE-269
7.8
2023-08-30 CVE-2023-20266 Improper Privilege Management vulnerability in Cisco products
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades.
network
low complexity
cisco CWE-269
7.2
2023-08-29 CVE-2023-32457 Improper Privilege Management vulnerability in Dell Powerscale Onefs 9.5.0.0
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability.
network
low complexity
dell CWE-269
8.8
2023-08-25 CVE-2019-13690 Improper Privilege Management vulnerability in Google Chrome
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file.
network
low complexity
google CWE-269
critical
9.6
2023-08-23 CVE-2023-4404 Improper Privilege Management vulnerability in Wpcharitable Charitable
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function.
network
low complexity
wpcharitable CWE-269
critical
9.8
2023-08-22 CVE-2023-38734 Improper Privilege Management vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory.
network
low complexity
ibm CWE-269
critical
9.8
2023-08-14 CVE-2023-21269 Improper Privilege Management vulnerability in Google Android 13.0
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass.
local
low complexity
google CWE-269
7.8