CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 40/66 • 7823 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2021-02-17
High

CVE-2020-13551

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an att…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2021-26559

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2021-23885

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance…

CVSS: 9.0 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-02-16
High

CVE-2021-20075

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-02-10
Low

CVE-2021-21296

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in de…

CVSS: 2.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2021-23873

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2021-02-09
High

CVE-2020-26192

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this v…

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2020-26191

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level o…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-3394

Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-21117

Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2021-02-06
High

CVE-2021-22299

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may c…

CVSS: 7.8 CWE: N/A View on NVD
2021-02-05
High

CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The ra…

CVSS: 7.0 CWE: CWE-667 - Improper Locking View on NVD
2021-02-03
Medium

CVE-2020-35152

Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing…

CVSS: 4.5 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2021-02-02
High

CVE-2020-8672

Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-01-29
High

CVE-2020-35145

Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-01-28
High

CVE-2020-35517

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared di…

CVSS: 8.2 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-01-26
High

CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends wit…

CVSS: 7.8 CWE: CWE-193 - Off-by-one Error View on NVD
High

CVE-2021-22159

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8…

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2020-25737

An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges duri…

CVSS: 7.8 CWE: N/A View on NVD
2021-01-21
Medium

CVE-2020-3687

Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2020-11183

A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consum…

CVSS: 6.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2021-01-20
High

CVE-2020-6024

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation…

CVSS: 7.8 CWE: CWE-114 - Process Control View on NVD
High

CVE-2020-14360

A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerabi…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2021-01-15
High

CVE-2021-3162

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.

CVSS: 7.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2021-0223

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. tel…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2021-01-13
High

CVE-2021-21011

Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write t…

CVSS: 7.0 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2020-9209

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this v…

CVSS: 6.7 CWE: CWE-862 - Missing Authorization View on NVD
2021-01-12
High

CVE-2021-1719

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1712

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1709

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1706

Windows LUAFV Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1704

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1703

Windows Event Logging Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1702

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1697

Windows InstallService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1695

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1694

Windows Update Stack Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1693

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1690

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1689

Windows Multipoint Management Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1688

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1687

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1686

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1685

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1682

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1681

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1680

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1662

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1661

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2021-1659

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1655

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1654

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1653

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1652

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1651

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1650

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1649

Active Template Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1648

Microsoft splwow64 Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1646

Windows WLAN Service Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1642

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1636

Microsoft SQL Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2020-26050

SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-201…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-01-11
High

CVE-2020-17534

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has r…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2021-01-08
High

CVE-2020-16021

Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2021-01-05
High

CVE-2020-26181

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connec…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-13541

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-01-04
Critical

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that cou…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2020-36156

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page cou…

CVSS: 9.9 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive me…

CVSS: 10.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

CVSS: 7.2 CWE: N/A View on NVD
2021-01-01
High

CVE-2020-35935

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism…

CVSS: 7.5 CWE: N/A View on NVD
2020-12-29
Medium

CVE-2020-27643

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not…

CVSS: 6.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-12-28
Critical

CVE-2020-27172

An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges.

CVSS: 9.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-12-24
Medium

CVE-2020-9137

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with…

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-9119

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute re…

CVSS: 6.2 CWE: N/A View on NVD
2020-12-22
High

CVE-2020-24677

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.

CVSS: 8.8 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2020-24676

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and res…

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD
High

CVE-2020-29396

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leadi…

CVSS: 8.8 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Medium

CVE-2019-11782

Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading t…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2019-11781

Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafte…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-15645

Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads,…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2020-12-18
High

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to…

CVSS: 7.1 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2020-13535

A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SY…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2020-13519

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An a…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-13515

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain ele…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-13514

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privi…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-13513

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privi…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-13512

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privi…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-12-17
High

CVE-2020-12517

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vu…

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2020-12-15
High

CVE-2020-29569

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when st…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2020-25712

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2020-12-14
Critical

CVE-2020-8257

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-12-11
High

CVE-2020-27786

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2020-12-10
High

CVE-2020-4829

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-12594

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 1…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2020-17137

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17136

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17134

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17103

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Low

CVE-2020-17097

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2020-17092

Windows Network Connections Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17089

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2020-16964

Windows Backup Engine Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16963

Windows Backup Engine Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16962

Windows Backup Engine Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16961

Windows Backup Engine Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16960

Windows Backup Engine Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16959

Windows Backup Engine Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16958

Windows Backup Engine Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
2020-12-09
High

CVE-2020-2049

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privil…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2020-27614

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2020-12-03
High

CVE-2020-23740

In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges.

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2020-28175

There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-23735

In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
2020-12-01
Medium

CVE-2020-28575

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must fir…

CVSS: 6.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-7335

Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by cr…

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-9114

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-11-30
High

CVE-2020-8351

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.

CVSS: 7.8 CWE: CWE-16 View on NVD
2020-11-24
High

CVE-2020-3985

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orches…

CVSS: 8.8 CWE: N/A View on NVD