CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 53/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-08-15
High

CVE-2018-8412

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Pri…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-8406

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerabilit…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8405

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerabilit…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8404

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows…

CVSS: 7.0 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8401

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerabilit…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8400

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerabilit…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8399

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows…

CVSS: 7.0 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8357

An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11, Microsof…

CVSS: 8.3 CWE: N/A View on NVD
High

CVE-2018-8347

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege Vuln…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-8343

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDI…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2018-8342

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDI…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2018-8339

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Insta…

CVSS: 7.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-8253

An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects W…

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2018-0952

An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulne…

CVSS: 7.8 CWE: N/A View on NVD
2018-08-13
High

CVE-2017-7500

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2018-08-08
High

CVE-2018-11769

CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possib…

CVSS: 7.2 CWE: N/A View on NVD
2018-08-06
High

CVE-2018-7059

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2017-8992

HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent versio…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2016-8526

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If…

CVSS: 8.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2018-08-01
Medium

CVE-2016-8641

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the loca…

CVSS: 6.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2018-07-30
High

CVE-2017-7482

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2018-07-27
High

CVE-2017-2663

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local a…

CVSS: 8.2 CWE: CWE-270 - Privilege Context Switching Error View on NVD
Medium

CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the serv…

CVSS: 6.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2018-07-26
High

CVE-2018-10900

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2018-07-25
High

CVE-2018-5240

The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a u…

CVSS: 8.0 CWE: N/A View on NVD
2018-07-20
Critical

CVE-2018-12805

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

CVSS: 9.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Critical

CVE-2018-12802

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to pr…

CVSS: 9.8 CWE: N/A View on NVD
2018-07-11
High

CVE-2018-8007

Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-8323

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-8314

An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R…

CVSS: 4.7 CWE: N/A View on NVD
High

CVE-2018-8313

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Wi…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2018-8308

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, W…

CVSS: 6.6 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2018-8299

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2018-8282

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affec…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8202

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affect…

CVSS: 7.8 CWE: N/A View on NVD
2018-07-10
High

CVE-2018-3667

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.

CVSS: 7.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
2018-07-09
High

CVE-2018-6857

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-6856

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-6855

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-6854

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x88…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-6853

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-6852

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-6851

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2018-11541

A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2018-07-06
High

CVE-2018-13110

All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previo…

CVSS: 7.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-07-05
Critical

CVE-2018-13052

In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.

CVSS: 9.8 CWE: N/A View on NVD
2018-07-03
High

CVE-2018-7781

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear…

CVSS: 8.8 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD
Critical

CVE-2018-13101

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry…

CVSS: 9.8 CWE: N/A View on NVD
2018-07-02
High

CVE-2018-10843

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to…

CVSS: 8.5 CWE: CWE-20 - Improper Input Validation View on NVD
2018-06-27
Medium

CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial…

CVSS: 4.9 CWE: N/A View on NVD
2018-06-20
High

CVE-2018-10841

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage poo…

CVSS: 8.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2018-5237

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privile…

CVSS: 7.2 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Medium

CVE-2018-1117

ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin pa…

CVSS: 5.0 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2018-06-17
High

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently st…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2018-12026

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning comm…

CVSS: 9.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2018-06-16
High

CVE-2018-9859

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with Sy…

CVSS: 8.1 CWE: N/A View on NVD
2018-06-14
High

CVE-2018-6516

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-17172

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a us…

CVSS: 7.3 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2018-8254

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-8252

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-8247

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerabili…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microso…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-8233

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8224

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Serv…

CVSS: 7.0 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8219

An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerabili…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2018-8214

An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This af…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-8208

An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This af…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-8169

An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability."…

CVSS: 7.0 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2018-8140

An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2018-1036

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win…

CVSS: 7.0 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-0982

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windo…

CVSS: 7.0 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-06-11
Medium

CVE-2018-5172

The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-7836

The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2017-7766

An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-7760

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing…

CVSS: 7.8 CWE: CWE-417 View on NVD
Critical

CVE-2017-5391

Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potent…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vul…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensio…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2018-6515

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-a…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-6514

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privil…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2018-06-08
Medium

CVE-2018-10505

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the…

CVSS: 6.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-10359

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the…

CVSS: 6.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-10358

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the…

CVSS: 6.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-8926

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation att…

CVSS: 8.8 CWE: CWE-625 - Permissive Regular Expression View on NVD
2018-06-05
High

CVE-2018-10813

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of…

CVSS: 7.3 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2018-6662

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2018-06-02
High

CVE-2018-11194

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-11193

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-11192

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-11191

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-11190

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2018-11189

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2018-06-01
High

CVE-2018-7949

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affect…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
2018-05-31
High

CVE-2018-6552

Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resou…

CVSS: 7.8 CWE: N/A View on NVD
2018-05-29
High

CVE-2018-6964

VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow…

CVSS: 7.8 CWE: N/A View on NVD
2018-05-25
Critical

CVE-2018-9091

A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthent…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2018-6236

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2018-6235

An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-6233

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw with…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2018-6232

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw with…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2018-1565

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instanc…

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-1544

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instanc…

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-1515

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege es…

CVSS: 7.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-6674

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated pr…

CVSS: 6.8 CWE: CWE-264 View on NVD
2018-05-24
Medium

CVE-2017-14187

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary progr…

CVSS: 6.2 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2018-5485

NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.

CVSS: 7.8 CWE: N/A View on NVD
2018-05-23
High

CVE-2017-9317

Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obta…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2018-1122

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege esca…

CVSS: 7.3 CWE: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere View on NVD
High

CVE-2018-1124

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can creat…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2018-05-22
High

CVE-2016-8656

Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.

CVSS: 7.0 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2018-6962

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.

CVSS: 7.8 CWE: N/A View on NVD
2018-05-19
High

CVE-2018-4992

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-4938

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local pr…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2018-4927

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2018-4873

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

CVSS: 7.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2018-05-15
High

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administr…

CVSS: 7.2 CWE: N/A View on NVD
2018-05-14
High

CVE-2017-14434

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2017-14433

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD