CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 48/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-01-14
High

CVE-2020-0625

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0624

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0623

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0620

An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0614

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0613

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-16784

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a p…

CVSS: 7.0 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2020-5180

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading t…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-19548

Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to…

CVSS: 7.8 CWE: N/A View on NVD
2020-01-13
High

CVE-2012-4761

A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileg…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2012-4760

A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-6949

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure t…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-01-10
High

CVE-2019-19475

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission sec…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2012-4284

A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execut…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2019-18194

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-19820

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution…

CVSS: 7.8 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD
High

CVE-2013-6231

SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-01-09
High

CVE-2016-5311

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Pr…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Critical

CVE-2019-6330

A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.

CVSS: 9.8 CWE: N/A View on NVD
2020-01-08
High

CVE-2016-6590

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Su…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-01-05
Critical

CVE-2019-19628

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities u…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-12-31
High

CVE-2019-18568

Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.

CVSS: 8.8 CWE: CWE-680 - Integer Overflow to Buffer Overflow View on NVD
High

CVE-2019-7751

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-12-30
High

CVE-2019-19470

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and inc…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2019-12-27
High

CVE-2013-4975

Hikvision DS-2CD7153-E IP Camera has Privilege Escalation

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-12-26
High

CVE-2019-6026

Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Ca…

CVSS: 7.8 CWE: N/A View on NVD
2019-12-24
High

CVE-2019-19695

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.

CVSS: 7.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2019-12-23
High

CVE-2019-6685

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to a…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-12-20
High

CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2019-12-19
Critical

CVE-2019-8256

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2019-11780

Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafte…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2019-16444

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binar…

CVSS: 9.8 CWE: N/A View on NVD
2019-12-18
High

CVE-2019-17390

An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control i…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-19688

A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-8802

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15.1. A malicious application may be able to gain root privileges.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-8637

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to gain root privileges.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-8565

A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2019-12-17
High

CVE-2019-19315

NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.

CVSS: 7.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2019-12-16
High

CVE-2019-18191

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution pri…

CVSS: 8.8 CWE: CWE-459 - Incomplete Cleanup View on NVD
2019-12-13
High

CVE-2019-19501

VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.

CVSS: 7.8 CWE: N/A View on NVD
2019-12-12
High

CVE-2019-18309

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileg…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2019-18308

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileg…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2019-18297

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending s…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2019-19248

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-19247

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).

CVSS: 7.8 CWE: N/A View on NVD
2019-12-11
High

CVE-2019-18232

SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker wi…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-19578

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "…

CVSS: 8.8 CWE: CWE-682 - Incorrect Calculation View on NVD
High

CVE-2019-19577

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height…

CVSS: 7.2 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-18377

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicatio…

CVSS: 7.2 CWE: N/A View on NVD
2019-12-10
High

CVE-2019-1483

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on th…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1478

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1477

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vuln…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1476

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1458

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2013-0293

oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-12-09
High

CVE-2019-19684

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to…

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2019-12-06
High

CVE-2012-1615

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-12-04
Medium

CVE-2019-19579

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2019-12-03
High

CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resu…

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2019-19382

Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2019-12-02
Medium

CVE-2019-15689

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code…

CVSS: 6.7 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2019-19017

An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-11-26
High

CVE-2015-7831

In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2011-4090

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2019-15595

A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2019-11-25
High

CVE-2019-13702

Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2019-18675

The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2012-5617

gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-11-21
High

CVE-2019-19197

IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 usi…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2019-18349

HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp.

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2019-15511

An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packe…

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2019-11-20
High

CVE-2019-3466

The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2019-6191

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-6184

A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.

CVSS: 7.8 CWE: N/A View on NVD
2019-11-19
High

CVE-2011-3349

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can a…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2011-4954

cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-11-15
High

CVE-2019-18372

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applic…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-12759

Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulner…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-12757

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-18368

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2011-2910

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would…

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived…

CVSS: 9.8 CWE: N/A View on NVD
2019-11-14
High

CVE-2019-7962

Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2019-7960

Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2019-18895

Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2019-11-13
Medium

CVE-2019-9467

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User in…

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-3648

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious fi…

CVSS: 6.1 CWE: CWE-426 - Untrusted Search Path View on NVD
2019-11-12
High

CVE-2019-1438

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1437

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1435

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1434

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE I…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1433

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CV…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1425

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.

CVSS: 6.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1423

An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1422

An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1420

An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1417

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1416

An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2019-1415

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1408

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1407

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1405

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerab…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2019-1396

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1395

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1394

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1393

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1392

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1388

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerabilit…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2019-1385

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability,…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1383

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1382

An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2019-1380

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2019-1379

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This…

CVSS: 7.8 CWE: N/A View on NVD
2019-11-11
High

CVE-2019-18862

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

CVSS: 7.8 CWE: N/A View on NVD
2019-11-06
Medium

CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po…

CVSS: 4.9 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Critical

CVE-2006-4243

linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-11-05
High

CVE-2019-8127

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permi…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2019-16284

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of pr…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2019-10084

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and…

CVSS: 7.5 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD