About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Each detail page highlights vendor advisories and mitigation tips.

2022-10-31
High

CVE-2022-43752

Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malici…

Critical

CVE-2022-40287

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targete…

High

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attac…

2022-10-29
High

CVE-2022-41974

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets c…

High

CVE-2022-41973

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in…

2022-10-27
High

CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.…

2022-10-25
High

CVE-2022-33182

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root usin…

2022-10-20
High

CVE-2022-42344

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vul…

2022-10-18
High

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). Th…

2022-10-17
High

CVE-2022-3569

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively…

2022-10-14
High

CVE-2022-39111

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

High

CVE-2022-39110

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

High

CVE-2022-39109

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

High

CVE-2022-39108

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

High

CVE-2022-39107

In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed.

High

CVE-2022-39080

In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

High

CVE-2022-38698

In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

High

CVE-2022-38670

In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

High

CVE-2022-38669

In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

High

CVE-2022-2985

In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

Critical

CVE-2022-41578

The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

Medium

CVE-2022-42464

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacke…

2022-10-13
Critical

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

2022-10-12
High

CVE-2022-2249

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communicati…

2022-10-11
High

CVE-2022-20436

There is an unauthorized service in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID:…

High

CVE-2022-20435

There is an unauthorized service in the system service that may cause the system to reboot. Since the component does not have a permission check or permission protection, this results in an EoP problem. Product: And…

High

CVE-2022-20434

There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…

High

CVE-2022-20433

There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…

High

CVE-2022-20432

There is a missing authorization issue in the system service. Since the component does not have a permission check or permission protection, this results in local elevation of privilege. Product: Androi…

High

CVE-2022-20431

There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…

High

CVE-2022-20430

There is a missing authorization issue in the system service. Since the component does not have a permission check, this results in local elevation of privilege. Product: Android. Versions: Android SoC. Andr…

Critical

CVE-2020-14129

A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.

High

CVE-2022-41083

Visual Studio Code Elevation of Privilege Vulnerability

High

CVE-2022-41033

Windows COM+ Event System Service Elevation of Privilege Vulnerability

High

CVE-2022-41032

NuGet Client Elevation of Privilege Vulnerability

High

CVE-2022-38051

Windows Graphics Component Elevation of Privilege Vulnerability

High

CVE-2022-38050

Win32k Elevation of Privilege Vulnerability

High

CVE-2022-38045

Windows Server Service Elevation of Privilege Vulnerability

High

CVE-2022-38042

Active Directory Domain Services Elevation of Privilege Vulnerability

High

CVE-2022-38039

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-38038

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-38037

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-38034

Windows Workstation Service Elevation of Privilege Vulnerability

High

CVE-2022-38029

Windows ALPC Elevation of Privilege Vulnerability

High

CVE-2022-38028

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-38027

Windows Storage Elevation of Privilege Vulnerability

Low

CVE-2022-38022

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-38021

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability

Medium

CVE-2022-38017

StorSimple 8000 Series Elevation of Privilege Vulnerability

High

CVE-2022-38016

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

High

CVE-2022-38003

Windows Resilient File System Elevation of Privilege

High

CVE-2022-37999

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

High

CVE-2022-37997

Windows Graphics Component Elevation of Privilege Vulnerability

High

CVE-2022-37995

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37994

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

High

CVE-2022-37993

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

High

CVE-2022-37991

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37990

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37989

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

High

CVE-2022-37988

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37987

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

High

CVE-2022-37986

Windows Win32k Elevation of Privilege Vulnerability

High

CVE-2022-37984

Windows WLAN Service Elevation of Privilege Vulnerability

High

CVE-2022-37983

Microsoft DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2022-37980

Windows DHCP Client Elevation of Privilege Vulnerability

High

CVE-2022-37979

Windows Hyper-V Elevation of Privilege Vulnerability

High

CVE-2022-37976

Active Directory Certificate Services Elevation of Privilege Vulnerability

High

CVE-2022-37975

Windows Group Policy Elevation of Privilege Vulnerability

High

CVE-2022-37971

Microsoft Windows Defender Elevation of Privilege Vulnerability

High

CVE-2022-37970

Windows DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2022-42238

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.

2022-10-10
High

CVE-2022-41745

An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could le…

2022-10-07
High

CVE-2022-39959

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, u…

2022-10-06
Medium

CVE-2022-2637

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage P…

2022-10-03
High

CVE-2022-41040

Microsoft Exchange Server Elevation of Privilege Vulnerability

2022-09-30
High

CVE-2022-41975

RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.

High

CVE-2022-36961

A component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution.

2022-09-23
Medium

CVE-2022-35250

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.

High

CVE-2022-32826

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Updat…

High

CVE-2022-32819

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-00…

High

CVE-2022-32801

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges.

High

CVE-2022-35257

A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary com…

High

CVE-2022-40298

Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A lo…

2022-09-22
High

CVE-2022-36062

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege e…

2022-09-21
Critical

CVE-2022-28802

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled ge…

2022-09-20
Critical

CVE-2017-20148

In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.

High

CVE-2016-20015

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileg…

Medium

CVE-2022-32167

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user,…

2022-09-19
High

CVE-2022-40143

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could…

High

CVE-2022-40142

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an…

High

CVE-2022-29908

The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation.

2022-09-16
Critical

CVE-2022-39007

The location module has a vulnerability of bypassing permission verification. Successful exploitation of this vulnerability may cause privilege escalation.

2022-09-13
High

CVE-2022-34101

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege esca…

Critical

CVE-2022-39206

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step.…

High

CVE-2022-38020

Visual Studio Code Elevation of Privilege Vulnerability

High

CVE-2022-38007

Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability

High

CVE-2022-38005

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-37969

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2022-37964

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37957

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37956

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37955

Windows Group Policy Elevation of Privilege Vulnerability

High

CVE-2022-37954

DirectX Graphics Kernel Elevation of Privilege Vulnerability

High

CVE-2022-35828

Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

High

CVE-2022-35803

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2022-34729

Windows GDI Elevation of Privilege Vulnerability

High

CVE-2022-34725

Windows ALPC Elevation of Privilege Vulnerability

High

CVE-2022-34719

Windows Distributed File System (DFS) Elevation of Privilege Vulnerability

High

CVE-2022-33679

Windows Kerberos Elevation of Privilege Vulnerability

High

CVE-2022-33647

Windows Kerberos Elevation of Privilege Vulnerability

High

CVE-2022-30170

Windows Credential Roaming Service Elevation of Privilege Vulnerability

High

CVE-2022-26928

Windows Photo Import API Elevation of Privilege Vulnerability

High

CVE-2022-35292

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows…

2022-09-09
Medium

CVE-2022-38070

Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.

2022-09-07
High

CVE-2022-1807

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.

High

CVE-2022-31166

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of g…

2022-09-06
High

CVE-2022-38176

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation…

High

CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen…

2022-09-02
High

CVE-2022-34382

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may poten…

High

CVE-2021-25657

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB…