CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 24/66 • 7823 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-11-09
High

CVE-2023-39198

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
2023-11-08
High

CVE-2023-4706

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2023-3282

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated p…

CVSS: 6.4 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2023-5760

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowin…

CVSS: 8.2 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Critical

CVE-2023-45849

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.

CVSS: 9.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2023-11-07
Medium

CVE-2023-46744

Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-41036

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-11-06
Medium

CVE-2023-46254

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namesp…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-11-03
High

CVE-2023-41726

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-41725

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

CVSS: 7.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2022-43555

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2022-43554

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2023-3277

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login fe…

CVSS: 9.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2023-11-02
High

CVE-2023-39283

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could le…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from…

CVSS: 7.2 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-11-01
High

CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-3972

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalat…

CVSS: 7.8 CWE: CWE-379 - Creation of Temporary File in Directory with Insecure Permissions View on NVD
2023-10-31
High

CVE-2023-5739

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-30
High

CVE-2023-47101

The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-29
High

CVE-2023-40685

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can explo…

CVSS: 7.4 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-40686

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can explo…

CVSS: 4.9 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-27
High

CVE-2023-44219

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges throug…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-46813

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of…

CVSS: 7.0 CWE: N/A View on NVD
2023-10-26
Medium

CVE-2023-41966

The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.

CVSS: 6.5 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
2023-10-25
High

CVE-2023-5717

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2023-37912

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes`…

CVSS: 9.9 CWE: CWE-270 - Privilege Context Switching Error View on NVD
High

CVE-2022-3699

A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute c…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-10-23
Medium

CVE-2023-28805

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105

CVSS: 6.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2023-10-20
Medium

CVE-2023-34045

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder…

CVSS: 6.6 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-4334

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and…

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2023-46277

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-19
High

CVE-2023-35183

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-35181

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-45883

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-17
Critical

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different…

CVSS: 9.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image T…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2023-10-16
Medium

CVE-2023-40377

Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system c…

CVSS: 4.9 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-15
Medium

CVE-2023-40378

IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component a…

CVSS: 4.9 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-13
High

CVE-2023-38218

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-44201

An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration…

CVSS: 5.0 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2023-44182

An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protoco…

CVSS: 7.3 CWE: CWE-252 - Unchecked Return Value View on NVD
2023-10-12
High

CVE-2023-1943

Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.

CVSS: 8.0 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2023-10-10
High

CVE-2023-31096

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-41772

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-41766

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2023-41763

Skype for Business Elevation of Privilege Vulnerability

CVSS: 5.3 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2023-38159

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-36790

Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-36776

Win32k Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36743

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36737

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36732

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-36731

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-36729

Named Pipe File System Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-36726

Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36725

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-36723

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36721

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-36712

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-36711

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36701

Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-36605

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability

CVSS: 7.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36594

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2023-36569

Microsoft Office Elevation of Privilege Vulnerability

CVSS: 8.4 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-36568

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36565

Microsoft Office Graphics Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36561

Azure DevOps Server Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2023-36434

Windows IIS Server Elevation of Privilege Vulnerability

CVSS: 9.8 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
High

CVE-2023-36419

Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2023-5450

An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software…

CVSS: 7.3 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2023-10-09
High

CVE-2023-45248

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows)…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-45350

Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm…

CVSS: 8.8 CWE: N/A View on NVD
2023-10-06
Medium

CVE-2023-43058

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.

CVSS: 5.3 CWE: N/A View on NVD
2023-10-05
High

CVE-2023-26236

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on W…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-04
High

CVE-2023-44209

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29051, Acronis Cyber Protect…

CVSS: 7.8 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
High

CVE-2023-4997

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privileg…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2023-10-03
High

CVE-2023-0506

The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-44218

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege…

CVSS: 8.8 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
High

CVE-2023-44217

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-5345

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36628

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-09-28
High

CVE-2023-5256

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-40375

Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevat…

CVSS: 7.4 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-09-27
High

CVE-2023-43651

JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability ma…

CVSS: 8.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2023-32458

Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potent…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-5197

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within t…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-44157

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-40443

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2023-34043

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-09-25
High

CVE-2023-0633

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.

CVSS: 7.2 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
Medium

CVE-2023-0627

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.

CVSS: 6.7 CWE: CWE-501 - Trust Boundary Violation View on NVD
2023-09-22
High

CVE-2023-43766

Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-09-20
Critical

CVE-2023-2163

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation,…

CVSS: 10.0 CWE: CWE-682 - Incorrect Calculation View on NVD
2023-09-15
Critical

CVE-2023-36735

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36562

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-4665

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

CVSS: 8.8 CWE: CWE-279 - Incorrect Execution-Assigned Permissions View on NVD
High

CVE-2023-4664

Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2023-36657

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-09-14
High

CVE-2022-47631

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Serv…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-4814

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.

CVSS: 7.1 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2023-09-13
High

CVE-2023-4153

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' funct…

CVSS: 8.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2023-09-12
High

CVE-2023-4921

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sen…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-3712

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10…

CVSS: 6.6 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2023-38161

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-38156

Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-38150

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-38144

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-38143

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-38142

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-38141

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-38139

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36804

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36802

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36765

Microsoft Office Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-36764

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2023-36759

Visual Studio Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2023-36758

Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-35355

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-29332

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD