CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 35/66 • 7824 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7824 CVEs for this tag (all time). In the last 365 days, 1222 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-01-28
High

CVE-2021-40389

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM au…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-40388

A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2022-01-25
Medium

CVE-2021-45729

The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.

CVSS: 5.4 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-01-24
High

CVE-2021-45222

An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-43589

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privil…

CVSS: 6.0 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2021-4088

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQ…

CVSS: 8.4 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2021-44981

In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, t…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2022-01-21
Medium

CVE-2021-36338

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges an…

CVSS: 6.3 CWE: CWE-602 - Client-Side Enforcement of Server-Side Security View on NVD
2022-01-20
Medium

CVE-2022-22733

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-01-19
Medium

CVE-2022-21701

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gat…

CVSS: 5.0 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2022-0166

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the install…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-31854

A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed i…

CVSS: 7.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2022-01-18
High

CVE-2021-34403

NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of conf…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-38783

There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver "/dev/cedar_dev" through iotcl cmd IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO, which could cause a system cr…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-01-17
High

CVE-2021-25036

The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
2022-01-14
High

CVE-2021-1036

In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privilege…

CVSS: 7.8 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
2022-01-12
High

CVE-2022-0015

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue imp…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2022-01-11
Medium

CVE-2022-21970

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 6.1 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-21954

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2022-21920

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-21919

Windows User Profile Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-21916

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21914

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21910

Microsoft Cluster Port Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21908

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21903

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21902

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2022-21901

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
High

CVE-2022-21897

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21896

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-21895

Windows User Profile Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-21887

Win32k Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21885

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21884

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21882

Win32k Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-21881

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-21879

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-21875

Windows Storage Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21873

Tile Data Repository Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21872

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21871

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21870

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21869

Clipboard User Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21868

Windows Devices Human Interface Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21867

Windows Push Notifications Apps Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21866

Windows System Launcher Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21865

Connected Devices Platform Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21864

Windows UI Immersive Server API Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21863

Windows StateRepository API Server file Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21862

Windows Application Model Core API Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21861

Task Flow Data Engine Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21860

Windows AppContracts API Server Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21859

Windows Accounts Control Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21858

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21857

Active Directory Domain Services Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-21852

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2022-21838

Windows Cleanup Manager Elevation of Privilege Vulnerability

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-21835

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21834

Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21833

Virtual Machine IDE Drive Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-0129

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system…

CVSS: 7.4 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2022-01-10
High

CVE-2021-45231

A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to cre…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2022-01-06
High

CVE-2021-46075

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.

CVSS: 7.2 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the c…

CVSS: 9.8 CWE: CWE-909 - Missing Initialization of Resource View on NVD
2022-01-04
High

CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections befor…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-01-03
Critical

CVE-2021-37120

There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.

CVSS: 9.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2021-37113

There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5 CWE: N/A View on NVD
2021-12-30
High

CVE-2021-44466

Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root,…

CVSS: 7.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2021-20172

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecur…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2021-12-29
High

CVE-2021-43876

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
2021-12-27
High

CVE-2021-45896

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-21750

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit t…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-45339

Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defe…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2021-45338

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-45337

Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-45336

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead…

CVSS: 8.8 CWE: N/A View on NVD
2021-12-26
High

CVE-2021-45679

Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80.

CVSS: 8.4 CWE: N/A View on NVD
2021-12-22
High

CVE-2021-21912

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the syste…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-21911

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the syste…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-21910

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the syste…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-12-15
High

CVE-2021-1040

In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privil…

CVSS: 7.8 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
High

CVE-2021-1039

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privile…

CVSS: 7.8 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
High

CVE-2021-43893

Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2021-43883

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-43880

Windows Mobile Device Management Elevation of Privilege Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-43877

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-43248

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43247

Windows TCP/IP Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-43245

Windows Digital TV Tuner Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43240

NTFS Set Short Name Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43239

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2021-43238

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-43237

Windows Setup Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-43231

Windows NTFS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43230

Windows NTFS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43229

Windows NTFS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43226

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43223

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43207

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-42312

Microsoft Defender for IoT Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-41333

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-40441

Windows Media Center Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
2021-12-14
High

CVE-2021-38950

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-4007

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, t…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-12-13
High

CVE-2021-40857

Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.

CVSS: 8.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2021-12-12
High

CVE-2021-41805

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2021-12-08
High

CVE-2021-37941

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-21957

A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabiliti…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-41021

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-37074

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation.

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2021-37040

There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.

CVSS: 9.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2021-12-07
High

CVE-2021-42131

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2021-42128

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

CVSS: 9.8 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
High

CVE-2021-42126

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
2021-12-06
High

CVE-2021-43040

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-43038

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation…

CVSS: 8.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
High

CVE-2021-43037

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This a…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-43034

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2021-12-01
Critical

CVE-2021-26334

The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged us…

CVSS: 9.9 CWE: CWE-284 - Improper Access Control View on NVD