About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7824 CVEs for this tag (all time). In the last 365 days, 1222 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2022-04-05
High

CVE-2022-26895

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

High

CVE-2022-26894

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

High

CVE-2022-26891

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

High

CVE-2022-24475

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

High

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.

High

CVE-2022-0799

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.

High

CVE-2022-23732

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To explo…

2022-04-04
Critical

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior t…

2022-04-01
High

CVE-2021-26624

A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroo…

High

CVE-2022-24426

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could poten…

2022-03-29
High

CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading…

High

CVE-2022-1073

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely.

2022-03-28
Medium

CVE-2003-5001

A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE…

2022-03-25
High

CVE-2021-4202

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data…

2022-03-23
Critical

CVE-2022-24768

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious…

High

CVE-2021-44226

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user be…

High

CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap…

2022-03-18
High

CVE-2022-22665

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

High

CVE-2022-22578

A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root pr…

High

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, r…

2022-03-17
Medium

CVE-2022-0237

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe…

2022-03-13
High

CVE-2022-24128

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivi…

2022-03-11
High

CVE-2022-23731

A heap vulnerability in the V8 JavaScript engine can cause privilege escalation, which can impact some webOS TV models.

2022-03-10
High

CVE-2022-24750

UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to ac…

High

CVE-2022-25090

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.

High

CVE-2022-24286

Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority throug…

High

CVE-2022-24285

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. I…

Critical

CVE-2022-22814

The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.

High

CVE-2021-32025

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safe…

2022-03-09
High

CVE-2022-24525

Windows Update Stack Elevation of Privilege Vulnerability

Medium

CVE-2022-24519

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-24518

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-24515

Azure Site Recovery Elevation of Privilege Vulnerability

High

CVE-2022-24507

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Medium

CVE-2022-24506

Azure Site Recovery Elevation of Privilege Vulnerability

High

CVE-2022-24505

Windows ALPC Elevation of Privilege Vulnerability

High

CVE-2022-24469

Azure Site Recovery Elevation of Privilege Vulnerability

High

CVE-2022-24460

Tablet Windows User Interface Application Elevation of Privilege Vulnerability

High

CVE-2022-24459

Windows Fax and Scan Service Elevation of Privilege Vulnerability

High

CVE-2022-24455

Windows CD-ROM Driver Elevation of Privilege Vulnerability

High

CVE-2022-24454

Windows Security Support Provider Interface Elevation of Privilege Vulnerability

High

CVE-2022-23299

Windows PDEV Elevation of Privilege Vulnerability

High

CVE-2022-23298

Windows NT OS Kernel Elevation of Privilege Vulnerability

High

CVE-2022-23296

Windows Installer Elevation of Privilege Vulnerability

High

CVE-2022-23293

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

High

CVE-2022-23291

Windows DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2022-23290

Windows Inking COM Elevation of Privilege Vulnerability

High

CVE-2022-23288

Windows DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2022-23287

Windows ALPC Elevation of Privilege Vulnerability

High

CVE-2022-23286

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

High

CVE-2022-23284

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-23283

Windows ALPC Elevation of Privilege Vulnerability

High

CVE-2022-23266

Microsoft Defender for IoT Elevation of Privilege Vulnerability

High

CVE-2022-21967

Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability

2022-03-08
High

CVE-2022-25311

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check priv…

2022-03-04
High

CVE-2022-25623

The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.

2022-03-03
High

CVE-2021-3609

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This…

2022-03-02
Critical

CVE-2022-24305

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.

2022-02-25
High

CVE-2022-23921

Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a…

Critical

CVE-2021-40046

PCManager version 11.1.1.95 has a privilege escalation vulnerability. Successful exploitation could allow the attacker to access certain resources beyond its privilege.

Medium

CVE-2022-25328

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control ove…

2022-02-24
Medium

CVE-2022-23104

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and execut…

Medium

CVE-2022-24620

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, an admin can steal the webmaster's cookies to gain the webmaster's access.

High

CVE-2022-24680

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-…

High

CVE-2022-24679

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-…

High

CVE-2022-24671

A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their pri…

2022-02-22
High

CVE-2022-23652

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Co…

2022-02-21
Medium

CVE-2022-0563

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. W…

High

CVE-2021-45008

Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on…

2022-02-20
High

CVE-2022-25372

Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.

2022-02-18
High

CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Au…

High

CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication…

High

CVE-2022-24050

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication…

High

CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. A…

High

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

2022-02-17
High

CVE-2021-44731

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their…

High

CVE-2021-44730

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary bina…

2022-02-16
Medium

CVE-2021-3557

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resou…

2022-02-14
High

CVE-2022-23410

AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working director…

2022-02-11
Critical

CVE-2021-20001

It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which co…

High

CVE-2022-0483

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53

2022-02-09
High

CVE-2022-22528

SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to…

High

CVE-2022-21825

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.

High

CVE-2021-22817

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/…

Critical

CVE-2021-36302

All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit…

High

CVE-2022-23276

SQL Server for Linux Containers Elevation of Privilege Vulnerability

High

CVE-2022-23273

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

High

CVE-2022-23272

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Medium

CVE-2022-23271

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

High

CVE-2022-22718

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-22717

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-22715

Named Pipe File System Elevation of Privilege Vulnerability

High

CVE-2022-22001

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

High

CVE-2022-22000

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2022-21999

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-21997

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-21996

Win32k Elevation of Privilege Vulnerability

High

CVE-2022-21994

Windows DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2022-21989

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-21981

Windows Common Log File System Driver Elevation of Privilege Vulnerability

2022-02-08
Medium

CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by…

2022-02-07
High

CVE-2022-23263

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Medium

CVE-2022-23262

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

2022-02-04
High

CVE-2022-24115

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 202…

High

CVE-2022-24114

Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (ma…

High

CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows…

High

CVE-2021-4154

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation b…

High

CVE-2021-44206

Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Ac…

High

CVE-2021-44205

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) b…

High

CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) be…

High

CVE-2021-44903

Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.…

High

CVE-2021-44901

Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_…

High

CVE-2021-44900

Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All…

High

CVE-2021-44899

Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.…

2022-01-29
High

CVE-2022-24122

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its names…

2022-01-28
High

CVE-2022-23727

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, a local attacker is able to perform a specific operation to exploit this vulnerability. Exploitation ma…

High

CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users accor…

High

CVE-2021-44463

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some D…

High

CVE-2021-40397

A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM aut…

High

CVE-2021-40396

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM author…