About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are the primary remediation source. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. The list can be sorted by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic:
2021-11-30
Medium

CVE-2021-44230

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an…

High

CVE-2021-43771

Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead…

2021-11-29
High

CVE-2021-44198

DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035

2021-11-24
Medium

CVE-2021-43211

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Medium

CVE-2021-42297

Windows 10 Update Assistant Elevation of Privilege Vulnerability

2021-11-23
High

CVE-2021-43019

Adobe Creative Cloud version 5.5 (and earlier) is affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage thi…

High

CVE-2021-39976

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform a specific operation to exploit t…

2021-11-20
High

CVE-2021-36307

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potenti…

2021-11-19
High

CVE-2021-22966

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate…

2021-11-17
High

CVE-2021-43997

FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a thi…

High

CVE-2021-0180

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.

High

CVE-2021-42954

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing ful…

2021-11-15
High

CVE-2020-12962

Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.

High

CVE-2020-12892

An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.

High

CVE-2020-12902

Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

High

CVE-2020-12964

A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows B…

2021-11-10
High

CVE-2021-32023

An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context…

High

CVE-2021-22048

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter S…

High

CVE-2021-42322

Visual Studio Code Elevation of Privilege Vulnerability

Medium

CVE-2021-42319

Visual Studio Elevation of Privilege Vulnerability

Medium

CVE-2021-42304

Azure RTOS Elevation of Privilege Vulnerability

Medium

CVE-2021-42303

Azure RTOS Elevation of Privilege Vulnerability

Medium

CVE-2021-42302

Azure RTOS Elevation of Privilege Vulnerability

High

CVE-2021-42291

Active Directory Domain Services Elevation of Privilege Vulnerability

High

CVE-2021-42287

Active Directory Domain Services Elevation of Privilege Vulnerability

High

CVE-2021-42286

Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability

High

CVE-2021-42285

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2021-42283

NTFS Elevation of Privilege Vulnerability

High

CVE-2021-42282

Active Directory Domain Services Elevation of Privilege Vulnerability

Medium

CVE-2021-42280

Windows Feedback Hub Elevation of Privilege Vulnerability

High

CVE-2021-42278

Active Directory Domain Services Elevation of Privilege Vulnerability

Medium

CVE-2021-42277

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Medium

CVE-2021-41379

Windows Installer Elevation of Privilege Vulnerability

High

CVE-2021-41377

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

High

CVE-2021-41372

A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files…

High

CVE-2021-41370

NTFS Elevation of Privilege Vulnerability

High

CVE-2021-41367

NTFS Elevation of Privilege Vulnerability

High

CVE-2021-41366

Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

High

CVE-2021-36957

Windows Desktop Bridge Elevation of Privilege Vulnerability

2021-11-09
High

CVE-2019-18916

A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.

2021-11-07
High

CVE-2021-43414

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privil…

High

CVE-2021-43412

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for lo…

2021-11-03
High

CVE-2020-6931

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

Medium

CVE-2021-20135

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus A…

2021-11-01
High

CVE-2021-3440

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.

High

CVE-2021-24717

The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, cal…

2021-10-27
Critical

CVE-2011-4124

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

2021-10-26
Medium

CVE-2021-23877

Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a spe…

2021-10-25
Medium

CVE-2021-24544

The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by de…

2021-10-21
High

CVE-2021-42097

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user…

Medium

CVE-2021-42096

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that passw…

2021-10-19
High

CVE-2021-31359

A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting…

2021-10-14
High

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. vi…

2021-10-13
High

CVE-2021-41357

Win32k Elevation of Privilege Vulnerability

High

CVE-2021-41348

Microsoft Exchange Server Elevation of Privilege Vulnerability

High

CVE-2021-41347

Windows AppX Deployment Service Elevation of Privilege Vulnerability

High

CVE-2021-41345

Storage Spaces Controller Elevation of Privilege Vulnerability

Medium

CVE-2021-41339

Microsoft DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2021-41335

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2021-41334

Windows Desktop Bridge Elevation of Privilege Vulnerability

High

CVE-2021-40489

Storage Spaces Controller Elevation of Privilege Vulnerability

High

CVE-2021-40488

Storage Spaces Controller Elevation of Privilege Vulnerability

High

CVE-2021-40478

Storage Spaces Controller Elevation of Privilege Vulnerability

High

CVE-2021-40477

Windows Event Tracing Elevation of Privilege Vulnerability

High

CVE-2021-40476

Windows AppContainer Elevation Of Privilege Vulnerability

High

CVE-2021-40470

DirectX Graphics Kernel Elevation of Privilege Vulnerability

High

CVE-2021-40467

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2021-40466

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2021-40464

Windows Nearby Sharing Elevation of Privilege Vulnerability

High

CVE-2021-40450

Win32k Elevation of Privilege Vulnerability

High

CVE-2021-40449

Win32k Elevation of Privilege Vulnerability

High

CVE-2021-40443

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2021-26442

Windows HTTP.sys Elevation of Privilege Vulnerability

High

CVE-2021-26441

Storage Spaces Controller Elevation of Privilege Vulnerability

2021-10-12
High

CVE-2021-29645

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker…

2021-10-11
Medium

CVE-2021-24545

The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit…

2021-10-08
High

CVE-2021-37969

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

Critical

CVE-2021-42109

VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.

2021-10-06
Medium

CVE-2021-25467

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to Root by hijacking loaded l…

Medium

CVE-2021-3848

An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could…

2021-10-04
High

CVE-2021-41100

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived sessio…

High

CVE-2021-41869

SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.

High

CVE-2021-41285

Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-priv…

2021-10-01
High

CVE-2021-29108

There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to interce…

High

CVE-2021-23893

Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an un…

High

CVE-2021-3626

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege e…

2021-09-30
Critical

CVE-2021-41301

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to re…

2021-09-29
High

CVE-2021-40708

Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achie…

High

CVE-2021-28547

Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get pe…

High

CVE-2021-32466

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing…

2021-09-27
High

CVE-2021-37274

Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.

Medium

CVE-2021-39828

Adobe Digital Editions 4.5.11.187646 (and earlier) is affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability…

Critical

CVE-2021-36879

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

Medium

CVE-2021-26587

A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to par…

High

CVE-2021-34412

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated priv…

High

CVE-2021-34411

During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched w…

High

CVE-2021-34410

A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.

High

CVE-2021-34408

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This…

2021-09-26
High

CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs…

2021-09-24
Medium

CVE-2021-36749

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than inten…

2021-09-23
Critical

CVE-2021-26794

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.

High

CVE-2021-22015

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may…

2021-09-22
High

CVE-2021-21991

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may explo…

High

CVE-2021-31847

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would…

2021-09-21
High

CVE-2021-20037

SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host o…

2021-09-17
High

CVE-2021-41387

seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.

2021-09-15
High

CVE-2021-40862

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthori…

High

CVE-2021-40447

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2021-38671

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2021-38667

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2021-38649

Open Management Infrastructure Elevation of Privilege Vulnerability

High

CVE-2021-38648

Open Management Infrastructure Elevation of Privilege Vulnerability

High

CVE-2021-38645

Open Management Infrastructure Elevation of Privilege Vulnerability

High

CVE-2021-38639

Win32k Elevation of Privilege Vulnerability

High

CVE-2021-38638

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

High

CVE-2021-38634

Microsoft Windows Update Client Elevation of Privilege Vulnerability

High

CVE-2021-38633

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2021-38630

Windows Event Tracing Elevation of Privilege Vulnerability

High

CVE-2021-38628

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

High

CVE-2021-38626

Windows Kernel Elevation of Privilege Vulnerability