CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 55/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-03-14
High

CVE-2018-0880

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed,…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0877

The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file pa…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0868

Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 7.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0817

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0816

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0815

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memo…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0808

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2018-0787

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privileg…

CVSS: 8.8 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
High

CVE-2018-1386

IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-03-12
High

CVE-2018-6623

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on…

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-03-08
High

CVE-2014-7272

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may h…

CVSS: 7.8 CWE: CWE-264 View on NVD
2018-03-05
Critical

CVE-2018-7716

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that al…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2018-7715

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that al…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2018-7493

CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary ap…

CVSS: 9.8 CWE: N/A View on NVD
2018-02-28
High

CVE-2018-6947

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevatio…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
2018-02-27
High

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation,…

CVSS: 7.8 CWE: CWE-264 View on NVD
2018-02-26
Medium

CVE-2018-0908

Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2018-7484

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNServic…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2018-02-21
High

CVE-2018-7311

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed…

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-7281

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a s…

CVSS: 8.8 CWE: N/A View on NVD
2018-02-15
High

CVE-2017-5825

A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker…

CVSS: 5.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2018-0869

SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-0850

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the for…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2018-0846

The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709,…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0844

The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709,…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0842

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0831

The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are han…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0828

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vuln…

CVSS: 7.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2018-0826

Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects a…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0823

The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "N…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0822

NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windo…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0821

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonatio…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2018-0820

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0809

The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows El…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0756

The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handle…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0742

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13273

In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed…

CVSS: 7.0 CWE: N/A View on NVD
2018-02-13
High

CVE-2017-1714

IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.

CVSS: 7.8 CWE: N/A View on NVD
2018-02-12
High

CVE-2017-13247

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User int…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2017-13245

A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13244

A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13231

In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2016-8742

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a…

CVSS: 7.8 CWE: CWE-264 View on NVD
2018-02-07
High

CVE-2017-17482

An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local pr…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-02-06
High

CVE-2018-6290

Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-6279

NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-6258

NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2018-02-02
High

CVE-2017-14180

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial…

CVSS: 7.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2017-14179

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of servi…

CVSS: 7.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via…

CVSS: 7.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2018-01-31
High

CVE-2017-16945

The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2017-16928

The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/bl…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2018-6476

In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
2018-01-23
High

CVE-2017-2740

A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local una…

CVSS: 7.8 CWE: N/A View on NVD
2018-01-18
Medium

CVE-2018-0096

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtua…

CVSS: 5.9 CWE: CWE-264 View on NVD
2018-01-12
High

CVE-2017-13226

An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13225

In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privilege…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-13221

An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13220

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2017-13217

In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-13216

In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-13215

A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13213

An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13212

An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13210

In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-13209

In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2017-13184

In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privilege…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-13183

In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2017-13182

In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-13181

In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code exe…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2017-13180

In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-13176

In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction req…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-0869

NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2018-01-11
High

CVE-2018-5189

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-01-10
High

CVE-2018-0012

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-12189

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This is…

CVSS: 7.8 CWE: CWE-282 - Improper Ownership Management View on NVD
High

CVE-2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, ar…

CVSS: 7.0 CWE: CWE-592 View on NVD
High

CVE-2018-0790

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2018-0789

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2018-0784

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique fro…

CVSS: 8.8 CWE: N/A View on NVD
2018-01-09
Medium

CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2018-01-08
Critical

CVE-2014-5334

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

CVSS: 9.8 CWE: CWE-254 View on NVD
2018-01-05
High

CVE-2017-4946

The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2018-01-04
Medium

CVE-2018-0803

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Mic…

CVSS: 4.2 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2018-0788

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vu…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0752

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of p…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-0751

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of p…

CVSS: 7.1 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2018-0750

The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation o…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2018-0749

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, W…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0748

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2018-0744

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privi…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0743

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in…

CVSS: 7.0 CWE: N/A View on NVD
2018-01-02
High

CVE-2017-9966

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges a…

CVSS: 7.1 CWE: N/A View on NVD
2017-12-27
High

CVE-2016-6914

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2017-12-20
High

CVE-2017-4943

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low p…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2017-12-18
High

CVE-2017-15103

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2017-12-15
High

CVE-2017-16788

Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users w…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2017-12-14
High

CVE-2017-7344

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when…

CVSS: 8.1 CWE: N/A View on NVD
2017-12-13
Medium

CVE-2017-14380

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_…

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
2017-12-12
High

CVE-2017-11936

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2017-12-11
High

CVE-2014-8358

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2017-15870

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."

CVSS: 6.7 CWE: N/A View on NVD
2017-12-08
High

CVE-2017-12823

Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-12-06
High

CVE-2017-6276

NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly le…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-6263

NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to improper usage of the list_for_each kernel macro which could enable unauthorized code executi…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-6262

NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevatio…

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-13174

An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13173

An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13172

An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13171

An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13170

An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13168

An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2017-13167

An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13166

An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2017-13165

An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.

CVSS: 5.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2017-13163

An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13162

An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13161

An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13156

An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.

CVSS: 7.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD