CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 42/66 • 7823 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-09-24
Critical

CVE-2020-12838

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2020-09-23
High

CVE-2020-25603

An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the…

CVSS: 7.8 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD
High

CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back f…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-09-21
High

CVE-2020-6574

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

CVSS: 7.8 CWE: N/A View on NVD
2020-09-18
Medium

CVE-2020-14390

A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nat…

CVSS: 5.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
2020-09-16
Medium

CVE-2020-3980

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick a…

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2020-14386

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data conf…

CVSS: 6.7 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
Medium

CVE-2020-7297

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user inter…

CVSS: 5.7 CWE: CWE-287 - Improper Authentication View on NVD
2020-09-15
Medium

CVE-2020-7296

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user…

CVSS: 5.7 CWE: CWE-287 - Improper Authentication View on NVD
Low

CVE-2020-7295

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the use…

CVSS: 3.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2020-7294

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST i…

CVSS: 4.6 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2020-7293

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access co…

CVSS: 9.0 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2020-14362

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul…

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2020-14361

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul…

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2020-15179

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visit…

CVSS: 8.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2020-23451

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerab…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2020-09-14
High

CVE-2020-0570

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

CVSS: 7.3 CWE: CWE-426 - Untrusted Search Path View on NVD
2020-09-11
Medium

CVE-2020-1598

<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerabili…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2020-1590

<p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerabili…

CVSS: 6.6 CWE: N/A View on NVD
High

CVE-2020-1559

<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated pr…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1532

<p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on th…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1507

<p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated pri…

CVSS: 7.9 CWE: N/A View on NVD
Medium

CVE-2020-1506

<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2020-1491

<p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could exec…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1471

<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated p…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2020-1376

<p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permi…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1308

<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2020-1303

<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-1245

<p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-1169

<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1159

<p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. An attacker who successfully exploited the vulnerability could ex…

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2020-1152

<p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a tar…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2020-1146

<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on t…

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2020-1133

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run p…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-1130

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run p…

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2020-1122

<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run proc…

CVSS: 5.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2020-1115

<p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly hand…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1098

<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run pro…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1053

<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1052

<p>An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1034

<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevat…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2020-1030

<p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerabil…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1013

<p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissio…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-1012

<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2020-16853

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could…

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-16852

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2020-16851

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could…

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-0998

<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run process…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0912

<p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to ga…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-0911

<p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary co…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0886

<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated pr…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-0875

<p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise t…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-0870

<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run pro…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0839

<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0838

<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To e…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-0837

<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2020-0790

<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected syst…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0782

<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0766

<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on t…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0648

<p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execu…

CVSS: 7.8 CWE: N/A View on NVD
2020-09-10
High

CVE-2020-25221

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page tha…

CVSS: 7.8 CWE: CWE-672 - Operation on a Resource after Expiration or Release View on NVD
High

CVE-2020-7314

Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as r…

CVSS: 8.2 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2020-7311

Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log fi…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-09-09
Critical

CVE-2020-15903

An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was…

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2020-6311

Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authent…

CVSS: 6.5 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2020-7325

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-08
High

CVE-2020-3619

u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv…

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2020-09-03
Critical

CVE-2020-24876

Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2020-4638

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation l…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2020-24949

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).

CVSS: 8.8 CWE: N/A View on NVD
2020-09-02
High

CVE-2020-5369

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerabili…

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2020-24030

ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's pers…

CVSS: 9.8 CWE: CWE-672 - Operation on a Resource after Expiration or Release View on NVD
High

CVE-2020-24028

ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's p…

CVSS: 8.8 CWE: N/A View on NVD
2020-09-01
High

CVE-2020-24955

SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-24557

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporar…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-24556

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard l…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-24034

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request wi…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2020-08-31
High

CVE-2020-7527

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and s…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2020-7523

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Ser…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-08-25
High

CVE-2020-15777

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2020-08-21
Medium

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled"…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-20633

ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2020-7310

Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via man…

CVSS: 6.9 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-24574

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Wind…

CVSS: 7.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2020-24567

voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged u…

CVSS: 7.8 CWE: N/A View on NVD
2020-08-20
Critical

CVE-2020-15149

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially…

CVSS: 9.9 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-08-19
High

CVE-2020-9724

Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2020-9714

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation…

CVSS: 7.8 CWE: N/A View on NVD
2020-08-18
Medium

CVE-2020-5385

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local mali…

CVSS: 6.7 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2020-08-17
High

CVE-2020-1587

An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain ex…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1584

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated pe…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1581

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1579

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain executi…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1571

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After suc…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2020-1566

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code i…

CVSS: 4.2 CWE: N/A View on NVD
High

CVE-2020-1565

An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain ex…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-1556

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with el…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1553

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1552

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes i…

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2020-1551

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1550

An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the vict…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1549

An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the vict…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1547

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1546

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1545

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1544

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1543

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1542

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1541

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1540

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1539

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1538

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1537

An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privile…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1536

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1535

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1534

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1533

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with el…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1531

An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1530

An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system…

CVSS: 7.8 CWE: N/A View on NVD