CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 41/66 • 7823 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-11-19
High

CVE-2020-7544

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting dire…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-25989

Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected sy…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-11-17
High

CVE-2020-15349

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, mo…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
2020-11-16
High

CVE-2020-8273

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2020-11-12
High

CVE-2020-13771

Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-11-11
High

CVE-2020-17088

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17087

Windows Kernel Local Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-131 - Incorrect Calculation of Buffer Size View on NVD
High

CVE-2020-17077

Windows Update Stack Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17076

Windows Update Orchestrator Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17075

Windows USO Core Worker Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17074

Windows Update Orchestrator Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17073

Windows Update Orchestrator Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17070

Windows Update Medic Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17057

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-17055

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17044

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17043

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17041

Windows Print Configuration Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17038

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17037

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17035

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17034

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17033

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17032

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17031

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17028

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17027

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17026

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17025

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17024

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17014

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17012

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17011

Windows Port Class Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17010

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2020-17007

Windows Error Reporting Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-17001

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16998

DirectX Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2020-16993

Azure Sphere Elevation of Privilege Vulnerability

CVSS: 5.4 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-16992

Azure Sphere Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2020-16989

Azure Sphere Elevation of Privilege Vulnerability

CVSS: 5.4 CWE: N/A View on NVD
Medium

CVE-2020-16988

Azure Sphere Elevation of Privilege Vulnerability

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2020-16981

Azure Sphere Elevation of Privilege Vulnerability

CVSS: 6.1 CWE: N/A View on NVD
2020-11-10
High

CVE-2020-23968

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-26820

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the f…

CVSS: 7.2 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2020-11-06
High

CVE-2020-3600

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient securi…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-3595

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect per…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-3594

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-3593

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-11-05
Medium

CVE-2020-7207

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the s…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalati…

CVSS: 8.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2020-24433

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enab…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2020-24429

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in l…

CVSS: 7.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2020-24428

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vu…

CVSS: 7.7 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2020-11-02
High

CVE-2020-11164

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, S…

CVSS: 7.8 CWE: N/A View on NVD
2020-10-29
Critical

CVE-2020-11483

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firm…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2020-10-28
High

CVE-2020-16262

Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-15278

Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hiera…

CVSS: 7.7 CWE: CWE-863 - Incorrect Authorization View on NVD
Critical

CVE-2020-8239

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker…

CVSS: 9.8 CWE: N/A View on NVD
2020-10-23
High

CVE-2020-24848

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-5990

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or inf…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-27216

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between al…

CVSS: 7.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
High

CVE-2020-9331

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process cr…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-14718

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

CVSS: 6.7 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2020-10-21
High

CVE-2020-24425

Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user w…

CVSS: 7.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-10-20
Medium

CVE-2020-6362

SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulner…

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2020-10-19
High

CVE-2020-24630

A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS: 8.8 CWE: N/A View on NVD
2020-10-16
High

CVE-2020-1080

<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2020-1047

<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16995

<p>An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux. An attacker who successfully exploited this vulnerability could execute code with eleva…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16980

<p>An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevat…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16976

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16975

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16974

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16973

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16972

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16955

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elev…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-16943

<p>An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. An unauthenticated attacker who successfully exploited this vulnerability could update data without proper author…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2020-16940

<p>An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could d…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-16939

<p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-16936

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16935

<p>An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16934

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elev…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-16928

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elev…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16920

<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnera…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16916

<p>An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16913

<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16912

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16909

<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can success…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16908

<p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges.…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16907

<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-16905

<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can success…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2020-16904

<p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTT…

CVSS: 5.3 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2020-16902

<p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locall…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-16900

<p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execut…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-16895

<p>An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a tar…

CVSS: 7.8 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2020-16892

<p>An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16890

<p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary cod…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16887

<p>An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could exe…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16885

<p>An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-16877

<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targe…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2020-16876

<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnera…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2020-0764

<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated pr…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-15867

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not…

CVSS: 7.2 CWE: N/A View on NVD
2020-10-14
Medium

CVE-2020-3427

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileg…

CVSS: 6.6 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
High

CVE-2020-7330

Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via…

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-10-12
Medium

CVE-2020-7811

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-proces…

CVSS: 6.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2020-10-09
High

CVE-2020-15838

The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2020-10-07
High

CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it thr…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-10-05
Medium

CVE-2020-8223

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2019-14557

Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable ele…

CVSS: 8.0 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2020-10-02
High

CVE-2020-25776

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges.…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2020-24356

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which coul…

CVSS: 6.4 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-09-29
High

CVE-2020-24563

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege e…

CVSS: 7.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2020-24562

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escala…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-25
Critical

CVE-2020-15371

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2019-7178

Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2020-09-24
High

CVE-2020-15843

ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Ins…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2020-15850

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2020-12842

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2020-12839

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD