CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-269

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44038 269 2021-11-19 2021-11-26
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
2 CVE-2021-43397 269 2021-11-11 2021-11-26
9.0
None Remote Low ??? Complete Complete Complete
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
3 CVE-2021-42956 269 Exec Code 2021-11-17 2021-11-18
6.5
None Remote Low ??? Partial Partial Partial
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.
4 CVE-2021-42322 269 2021-11-10 2021-11-15
4.6
None Local Low Not required Partial Partial Partial
Visual Studio Code Elevation of Privilege Vulnerability
5 CVE-2021-42319 269 2021-11-10 2021-11-15
2.1
None Local Low Not required None None Partial
Visual Studio Elevation of Privilege Vulnerability
6 CVE-2021-42304 269 2021-11-10 2021-11-15
7.2
None Local Low Not required Complete Complete Complete
Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42303.
7 CVE-2021-42303 269 2021-11-10 2021-11-15
7.2
None Local Low Not required Complete Complete Complete
Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42304.
8 CVE-2021-42302 269 2021-11-10 2021-11-15
7.2
None Local Low Not required Complete Complete Complete
Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42303, CVE-2021-42304.
9 CVE-2021-42291 269 2021-11-10 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42287.
10 CVE-2021-42287 269 2021-11-10 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
11 CVE-2021-42286 269 2021-11-10 2021-11-13
4.6
None Local Low Not required Partial Partial Partial
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
12 CVE-2021-42285 269 2021-11-10 2021-11-13
7.2
None Local Low Not required Complete Complete Complete
Windows Kernel Elevation of Privilege Vulnerability
13 CVE-2021-42283 269 2021-11-10 2021-11-13
4.6
None Local Low Not required Partial Partial Partial
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41367, CVE-2021-41370.
14 CVE-2021-42282 269 2021-11-10 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42287, CVE-2021-42291.
15 CVE-2021-42280 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Windows Feedback Hub Elevation of Privilege Vulnerability
16 CVE-2021-42278 269 2021-11-10 2021-11-12
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291.
17 CVE-2021-42277 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
18 CVE-2021-42137 269 2021-10-11 2021-10-19
5.0
None Remote Low Not required Partial None None
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
19 CVE-2021-42109 269 2021-10-08 2021-10-19
10.0
None Remote Low Not required Complete Complete Complete
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
20 CVE-2021-42108 269 Exec Code 2021-10-21 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
21 CVE-2021-42107 269 Exec Code 2021-10-21 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106.
22 CVE-2021-42106 269 Exec Code 2021-10-21 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107.
23 CVE-2021-42105 269 Exec Code 2021-10-21 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.
24 CVE-2021-42104 269 Exec Code 2021-10-21 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.
25 CVE-2021-42086 269 2021-10-07 2021-10-14
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
26 CVE-2021-41869 269 2021-10-04 2021-10-12
6.5
None Remote Low ??? Partial Partial Partial
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.
27 CVE-2021-41617 269 2021-09-26 2021-10-14
4.4
None Local Medium Not required Partial Partial Partial
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
28 CVE-2021-41504 269 2021-09-24 2021-11-19
5.2
None Local Network Low ??? Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
29 CVE-2021-41387 269 2021-09-17 2021-09-29
8.5
None Remote Medium ??? Complete Complete Complete
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
30 CVE-2021-41379 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Windows Installer Elevation of Privilege Vulnerability
31 CVE-2021-41377 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
32 CVE-2021-41370 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41367, CVE-2021-42283.
33 CVE-2021-41367 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.
34 CVE-2021-41366 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
35 CVE-2021-41357 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450.
36 CVE-2021-41348 269 2021-10-13 2021-10-19
5.2
None Local Network Low ??? Partial Partial Partial
Microsoft Exchange Server Elevation of Privilege Vulnerability
37 CVE-2021-41347 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Windows AppX Deployment Service Elevation of Privilege Vulnerability
38 CVE-2021-41345 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.
39 CVE-2021-41339 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Microsoft DWM Core Library Elevation of Privilege Vulnerability
40 CVE-2021-41335 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Windows Kernel Elevation of Privilege Vulnerability
41 CVE-2021-41334 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Windows Desktop Bridge Elevation of Privilege Vulnerability
42 CVE-2021-41322 269 2021-10-04 2021-11-17
6.5
None Remote Low ??? Partial Partial Partial
Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.
43 CVE-2021-41285 269 2021-10-04 2021-10-13
7.2
None Local Low Not required Complete Complete Complete
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM.
44 CVE-2021-41073 269 +Priv 2021-09-19 2021-10-14
7.2
None Local Low Not required Complete Complete Complete
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
45 CVE-2021-41022 269 Exec Code 2021-11-02 2021-11-04
4.6
None Local Low Not required Partial Partial Partial
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts
46 CVE-2021-40989 269 2021-10-15 2021-10-21
7.2
None Local Low Not required Complete Complete Complete
A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
47 CVE-2021-40854 269 2021-10-14 2021-10-20
4.6
None Local Low Not required Partial Partial Partial
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.
48 CVE-2021-40489 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345.
49 CVE-2021-40488 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345.
50 CVE-2021-40478 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.
Total number of vulnerabilities : 2124   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.