Privilege Escalation - 7823 CVEs (Page 45/66)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2020-05-21

High

CVE-2020-1165

An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1164

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1158

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1157

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1156

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1155

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1154

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Priv…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1151

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1149

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1144

An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabili…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1143

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE I…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1142

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1140

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1139

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1138

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1137

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1135

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1134

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1132

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1131

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1125

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1124

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1121

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1114

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique fro…

CVSS: 7.8 CWE: N/A View on NVD

Critical

CVE-2020-1112

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Tran…

CVSS: 9.9 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

High

CVE-2020-1111

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1110

An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID i…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1109

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1090

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1088

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1087

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1086

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1082

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

High

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vuln…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2020-1079

An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1078

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1077

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2020-1071

An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege Vulnerabilit…

CVSS: 6.8 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD

High

CVE-2020-1070

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnera…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1068

An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the sy…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access th…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1056

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it i…

CVSS: 8.1 CWE: N/A View on NVD

High

CVE-2020-1054

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-1048

CVSS: 7.8 CWE: CWE-669 - Incorrect Resource Transfer Between Spheres View on NVD

High

CVE-2020-1021

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

High

CVE-2020-1010

An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2020-12431

A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT…

CVSS: 6.6 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

High

CVE-2020-6477

Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

2020-05-19

Medium

CVE-2020-7137

A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue.

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD

2020-05-16

High

CVE-2020-13110

The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because o…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD

2020-05-14

Medium

CVE-2020-12068

An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

CVSS: 6.5 CWE: N/A View on NVD

2020-05-13

High

CVE-2020-2016

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker wh…

CVSS: 7.0 CWE: CWE-377 - Insecure Temporary File View on NVD

2020-05-11

High

CVE-2020-5837

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

High

CVE-2020-5835

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

2020-05-08

High

CVE-2020-7291

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been…

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7290

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not be…

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7289

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not…

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7288

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing us…

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7287

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing…

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7286

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executin…

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7285

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

CVSS: 7.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7267

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via mani…

CVSS: 8.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7266

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to…

CVSS: 8.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7265

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic l…

CVSS: 8.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

High

CVE-2020-7264

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manip…

CVSS: 8.8 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD

2020-05-07

High

CVE-2020-9475

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can g…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

2020-05-05

High

CVE-2020-12463

An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary fil…

CVSS: 7.8 CWE: N/A View on NVD

2020-04-30

High

CVE-2020-1817

Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can injec…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-12050

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new co…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

2020-04-29

Medium

CVE-2020-12275

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.

CVSS: 5.3 CWE: N/A View on NVD

High

CVE-2020-12446

The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input f…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-11446

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

High

CVE-2019-19100

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticate…

CVSS: 7.5 CWE: CWE-264 View on NVD

Critical

CVE-2020-12443

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequen…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2020-04-27

Medium

CVE-2020-9072

Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vu…

CVSS: 6.7 CWE: N/A View on NVD

Medium

CVE-2020-1845

Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerab…

CVSS: 6.7 CWE: N/A View on NVD

2020-04-26

High

CVE-2020-12254

Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

2020-04-22

Medium

CVE-2020-8833

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this ca…

CVSS: 5.6 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD

High

CVE-2018-21124

NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD

Critical

CVE-2019-19104

The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific unifor…

CVSS: 9.1 CWE: CWE-287 - Improper Authentication View on NVD

2020-04-21

High

CVE-2020-10787

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

CVSS: 8.8 CWE: N/A View on NVD

2020-04-20

High

CVE-2017-18837

Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2017-18830

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2017-18829

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2017-18826

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2017-18822

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2017-18838

Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

2020-04-17

High

CVE-2020-10947

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.

CVSS: 8.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

2020-04-16

Medium

CVE-2020-7110

ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

High

CVE-2020-4347

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server N…

CVSS: 7.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

High

CVE-2019-14116

Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Comput…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD

2020-04-15

Medium

CVE-2020-6992

A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the…

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2020-1094

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1029

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevatio…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1027

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-1019

An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft RMS Sharing App for Mac Elevation of Privilege Vul…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1017

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1015

An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1014

An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerab…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2020-1011

An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique fr…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1009

An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'.…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1006

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1004

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1003

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1002

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to…

CVSS: 7.1 CWE: N/A View on NVD

High

CVE-2020-1001

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-1000

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0996

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0985

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0984

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Pri…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2020-0983

An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0958

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0957

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0956

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0944

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0942

CVSS: 7.1 CWE: N/A View on NVD

High

CVE-2020-0940

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-0936

An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'.

CVSS: 7.1 CWE: N/A View on NVD

Medium

CVE-2020-0935

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'.

CVSS: 5.5 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2020-0934

An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD