CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 32/66 • 7823 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-07-12
Medium

CVE-2022-33654

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-33653

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-33652

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-33651

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-33650

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
High

CVE-2022-33644

Xbox Live Save Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2022-33643

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-33642

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-33641

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-30226

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2022-30225

Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2022-30224

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-30220

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-30215

Active Directory Federation Services Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-30209

Windows IIS Server Elevation of Privilege Vulnerability

CVSS: 7.4 CWE: N/A View on NVD
High

CVE-2022-30206

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-30205

Windows Group Policy Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-30202

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2022-30181

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-22050

Windows Fax Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-22049

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22047

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2022-22045

Windows.Devices.Picker.dll Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-22043

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-22041

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2022-22037

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-22036

Performance Counters for Windows Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-22034

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-22031

Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
High

CVE-2022-22026

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22022

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2022-29187

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsu…

CVSS: 7.8 CWE: CWE-282 - Improper Ownership Management View on NVD
High

CVE-2021-38289

An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users…

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2022-07-08
Critical

CVE-2022-1245

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target clien…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2022-07-07
High

CVE-2022-32481

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker comman…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-33680

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.3 CWE: N/A View on NVD
2022-07-06
High

CVE-2022-23714

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges…

CVSS: 7.8 CWE: CWE-264 View on NVD
2022-06-29
High

CVE-2022-33639

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.3 CWE: N/A View on NVD
High

CVE-2022-33638

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.3 CWE: N/A View on NVD
High

CVE-2022-30192

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.3 CWE: N/A View on NVD
2022-06-28
Critical

CVE-2022-31887

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve P…

CVSS: 9.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2022-06-24
High

CVE-2020-21046

A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated no…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-06-23
Medium

CVE-2022-2147

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.…

CVSS: 6.5 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
High

CVE-2022-32553

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Pur…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-32552

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Pur…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-26636

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-06-21
High

CVE-2022-34008

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL fro…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2022-23171

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows…

CVSS: 5.9 CWE: N/A View on NVD
2022-06-17
High

CVE-2022-33915

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch pac…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-33912

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2018-25044

A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalatio…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2018-25041

A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escala…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2018-25040

A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to pri…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-06-16
High

CVE-2022-30670

RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this v…

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
2022-06-15
High

CVE-2022-30166

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-30165

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-30160

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-30154

Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2022-30151

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-30150

Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2022-30147

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-30137

Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an atta…

CVSS: 6.7 CWE: N/A View on NVD
High

CVE-2022-30135

Windows Media Center Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-30132

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-30131

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-29149

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-40776

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability…

CVSS: 6.1 CWE: CWE-379 - Creation of Temporary File in Directory with Insecure Permissions View on NVD
2022-06-14
Medium

CVE-2022-29614

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC…

CVSS: 5.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-29238

Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only…

CVSS: 4.3 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
2022-06-13
Critical

CVE-2022-29797

There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation.

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2022-31762

The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2022-06-11
Medium

CVE-2017-20038

A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2017-20037

A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads t…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-06-10
High

CVE-2022-29092

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A no…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-27502

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-44582

A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.

CVSS: 8.8 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
Critical

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When S…

CVSS: 9.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2022-06-09
Medium

CVE-2017-20028

A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate t…

CVSS: 5.6 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2017-20025

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipu…

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2017-20023

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privi…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2017-20021

A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege esca…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2017-20018

A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It…

CVSS: 6.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-30703

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitiv…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-25068

A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The mani…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2019-25067

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2019-25066

A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack ca…

CVSS: 6.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2019-25065

A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may b…

CVSS: 6.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2016-15002

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAd…

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2022-32272

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-06-07
High

CVE-2020-36542

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to…

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2020-36531

A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escal…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
High

CVE-2020-36529

A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to pri…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs bec…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-06-02
Critical

CVE-2022-30324

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client a…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2021-26634

SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code exe…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2021-26633

SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-06-01
High

CVE-2022-30128

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-30127

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2022-05-31
High

CVE-2022-31011

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requ…

CVSS: 7.8 CWE: CWE-287 - Improper Authentication View on NVD
2022-05-26
High

CVE-2022-26722

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root priv…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2022-26721

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root priv…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
Critical

CVE-2022-30495

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)

CVSS: 9.8 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
Critical

CVE-2022-30493

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-05-23
High

CVE-2022-31467

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via th…

CVSS: 7.9 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-31466

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system f…

CVSS: 7.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-32935

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and lo…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-05-21
Critical

CVE-2022-31267

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admi…

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-05-20
High

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

CVSS: 7.8 CWE: N/A View on NVD
2022-05-18
High

CVE-2022-30138

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
2022-05-17
High

CVE-2022-1356

cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileg…

CVSS: 7.1 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2022-30688

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; ver…

CVSS: 7.8 CWE: CWE-911 - Improper Update of Reference Count View on NVD
2022-05-16
High

CVE-2022-30697

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-30696

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-30695

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2022-30523

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete th…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-0573

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-05-12
High

CVE-2022-21182

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges.…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2022-05-11
Medium

CVE-2022-28247

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local priv…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD