About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Each detail page highlights vendor advisories and mitigation tips.

2024-01-30
Medium

CVE-2024-21388

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Medium

CVE-2024-0674

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting sp…

2024-01-29
High

CVE-2023-1705

Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass. This issue affects F|One SmartEd…

2024-01-26
High

CVE-2024-21385

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Critical

CVE-2024-21326

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

2024-01-24
Medium

CVE-2023-44281

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delet…

2024-01-23
High

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on…

High

CVE-2023-50274

HPE OneView may allow command injection with local privilege escalation.

2024-01-19
Medium

CVE-2023-6044

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevat…

High

CVE-2023-6043

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.

Medium

CVE-2023-5080

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

2024-01-16
High

CVE-2024-22409

DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gav…

High

CVE-2023-4703

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any u…

Medium

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems…

High

CVE-2023-52105

The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.

2024-01-12
High

CVE-2023-42463

Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerabi…

Critical

CVE-2024-22206

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patc…

High

CVE-2023-6740

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges

High

CVE-2023-6735

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges

2024-01-11
Medium

CVE-2024-21337

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

High

CVE-2024-22198

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of syste…

High

CVE-2024-22197

Nginx-ui provides online statistics for server indicators, monitoring CPU usage, memory usage, load average, and disk usage in real time. The `Home > Preference` page exposes a small list of nginx settings s…

High

CVE-2024-21637

Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`.…

2024-01-10
Critical

CVE-2024-21638

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design th…

High

CVE-2023-42832

A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges.

High

CVE-2023-42828

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges.

Critical

CVE-2023-49599

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escala…

2024-01-09
High

CVE-2024-21310

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

High

CVE-2024-21309

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

High

CVE-2024-20698

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2024-20686

Win32k Elevation of Privilege Vulnerability

High

CVE-2024-20683

Win32k Elevation of Privilege Vulnerability

High

CVE-2024-20681

Windows Subsystem for Linux Elevation of Privilege Vulnerability

High

CVE-2024-20658

Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

High

CVE-2024-20657

Windows Group Policy Elevation of Privilege Vulnerability

High

CVE-2024-20656

Visual Studio Elevation of Privilege Vulnerability

High

CVE-2024-20653

Microsoft Common Log File System Elevation of Privilege Vulnerability

2024-01-03
Medium

CVE-2024-21622

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certa…

Critical

CVE-2023-50921

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4…

Medium

CVE-2023-41776

There is a local privilege escalation vulnerability in ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process to escalate local privileges.

2024-01-02
Critical

CVE-2023-48419

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege

2023-12-22
High

CVE-2023-48670

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit…

High

CVE-2023-42465

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling…

2023-12-19
Critical

CVE-2023-6930

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authe…

High

CVE-2023-6932

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly reg…

High

CVE-2023-6931

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, lead…

2023-12-18
High

CVE-2023-6691

Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.

High

CVE-2023-6817

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive element…

2023-12-17
Medium

CVE-2023-3907

A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access…

2023-12-13
High

CVE-2023-47322

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authentic…

High

CVE-2022-22942

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

High

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege…

2023-12-12
Medium

CVE-2023-34064

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain acc…

High

CVE-2023-36696

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

High

CVE-2023-36391

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

High

CVE-2023-36011

Win32k Elevation of Privilege Vulnerability

High

CVE-2023-36005

Windows Telephony Server Elevation of Privilege Vulnerability

Medium

CVE-2023-36003

XAML Diagnostics Elevation of Privilege Vulnerability

High

CVE-2023-35644

Windows Sysmain Service Elevation of Privilege Vulnerability

High

CVE-2023-35633

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2023-35632

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

High

CVE-2023-35631

Win32k Elevation of Privilege Vulnerability

High

CVE-2023-35624

Azure Connected Machine Agent Elevation of Privilege Vulnerability

High

CVE-2020-12614

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate…

High

CVE-2023-48677

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (…

High

CVE-2023-36646

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalati…

2023-12-11
Critical

CVE-2023-48424

U-Boot shell vulnerability resulting in Privilege escalation in a production device

2023-12-08
High

CVE-2023-48402

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio…

High

CVE-2023-32460

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

2023-12-07
Critical

CVE-2023-35618

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

2023-12-06
Critical

CVE-2023-46773

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.

2023-12-05
High

CVE-2023-48693

Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in para…

2023-12-04
High

CVE-2023-44304

Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain…

2023-12-02
High

CVE-2023-39257

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content…

High

CVE-2023-39256

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content…

2023-11-30
High

CVE-2023-46326

ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation.

2023-11-29
Critical

CVE-2022-42540

Elevation of privilege

Critical

CVE-2022-42538

Elevation of privilege

High

CVE-2023-6218

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.…

2023-11-28
Critical

CVE-2023-41264

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the con…

2023-11-27
Medium

CVE-2023-40610

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples sch…

2023-11-24
Critical

CVE-2023-48312

capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated…

High

CVE-2023-48712

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impers…

2023-11-23
High

CVE-2023-41808

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root…

Critical

CVE-2023-41807

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora…

High

CVE-2023-41806

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability means that a bad privilege assignment could cause a DoS attack that affects the avai…

High

CVE-2023-44290

Dell Command | Monitor versions prior to 10.10.0 contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changi…

High

CVE-2023-44289

Dell Command | Configure versions prior to 4.11.0 contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/chang…

High

CVE-2023-43086

Dell Command | Configure, versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious user could potentially modify files inside the installation folder during applicat…

High

CVE-2023-39253

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vuln…

2023-11-22
High

CVE-2023-6009

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This make…

High

CVE-2023-29069

A maliciously crafted DLL file can be forced to install onto a non-default location, and an attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges…

High

CVE-2021-37942

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerabil…

2023-11-20
High

CVE-2023-47172

Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elemen…

High

CVE-2023-5593

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a cra…

2023-11-16
High

CVE-2023-39259

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vuln…

Medium

CVE-2023-39246

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installati…

High

CVE-2023-26031

Relative library resolution in the linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows a local user to gain root privileges. If the YARN cluster is accepting work from remote (auth…

2023-11-15
High

CVE-2023-33873

This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are insta…

2023-11-14
High

CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

High

CVE-2023-20571

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

High

CVE-2023-36719

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

High

CVE-2023-36705

Windows Installer Elevation of Privilege Vulnerability

High

CVE-2023-36427

Windows Hyper-V Elevation of Privilege Vulnerability

High

CVE-2023-36424

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2023-36422

Microsoft Windows Defender Elevation of Privilege Vulnerability

High

CVE-2023-36408

Windows Hyper-V Elevation of Privilege Vulnerability

High

CVE-2023-36407

Windows Hyper-V Elevation of Privilege Vulnerability

High

CVE-2023-36405

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2023-36403

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2023-36400

Windows HMAC Key Derivation Elevation of Privilege Vulnerability

High

CVE-2023-36399

Windows Storage Elevation of Privilege Vulnerability

High

CVE-2023-36394

Windows Search Service Elevation of Privilege Vulnerability

High

CVE-2023-36047

Windows Authentication Elevation of Privilege Vulnerability

High

CVE-2023-36036

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

High

CVE-2023-36033

Windows DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2023-6111

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catc…

2023-11-10
High

CVE-2023-36027

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

High

CVE-2023-36024

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

2023-11-09
High

CVE-2023-39198

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the…