CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 57/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-08-29
High

CVE-2015-3654

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than…

CVSS: 7.2 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2017-3746

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code…

CVSS: 7.8 CWE: N/A View on NVD
2017-08-28
High

CVE-2015-8332

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and p…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2014-8428

Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.

CVSS: 9.8 CWE: CWE-264 View on NVD
2017-08-27
Critical

CVE-2017-13707

Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in or…

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2017-08-25
High

CVE-2015-1325

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and befo…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2015-1324

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17…

CVSS: 7.8 CWE: CWE-264 View on NVD
2017-08-24
High

CVE-2017-0805

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
2017-08-18
High

CVE-2017-3756

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-12592

ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their priv…

CVSS: 8.8 CWE: N/A View on NVD
2017-08-17
Medium

CVE-2017-6785

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalatio…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2017-08-15
High

CVE-2017-8665

The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2017-08-11
Medium

CVE-2015-3615

Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involvin…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2017-08-09
High

CVE-2017-0750

A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-0749

A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0747

A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0746

A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0742

A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0741

A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0737

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2017-0732

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0731

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.

CVSS: 7.8 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD
High

CVE-2017-0729

A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-0727

A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2017-0712

A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-9370

An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain acc…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-08-08
Medium

CVE-2017-8642

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation o…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-8633

Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2017-8624

CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-8622

Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privileg…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-8593

Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 all…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8503

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability".…

CVSS: 8.8 CWE: N/A View on NVD
2017-08-07
High

CVE-2017-12653

360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2017-08-02
High

CVE-2017-7642

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the enco…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2017-1467

A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.

CVSS: 8.1 CWE: N/A View on NVD
2017-08-01
High

CVE-2017-4921

VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issu…

CVSS: 8.8 CWE: N/A View on NVD
2017-07-28
Medium

CVE-2015-5191

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privil…

CVSS: 6.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2017-07-21
Critical

CVE-2017-7540

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user doe…

CVSS: 9.8 CWE: CWE-184 - Incomplete List of Disallowed Inputs View on NVD
2017-07-18
High

CVE-2017-6320

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in whic…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2017-07-17
High

CVE-2017-2344

A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a priv…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2017-1000056

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2017-1000022

LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2017-1000003

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and ea…

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2017-07-13
High

CVE-2017-6249

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Modera…

CVSS: 7.0 CWE: N/A View on NVD
2017-07-12
High

CVE-2017-4057

Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI te…

CVSS: 8.8 CWE: N/A View on NVD
2017-07-11
High

CVE-2017-8590

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation…

CVSS: 8.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8581

Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 all…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8580

Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 all…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8578

Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 all…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8577

Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 all…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8574

Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Compone…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8573

Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 a…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8569

Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XS…

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-8566

Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM clas…

CVSS: 7.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-8563

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation…

CVSS: 8.1 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8562

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows impr…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8561

Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2017-8560

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlo…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2017-8559

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlo…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-8556

Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 a…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8467

Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2017-07-07
High

CVE-2017-0340

An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-07-06
High

CVE-2017-6248

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Modera…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-6247

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High d…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0711

A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0710

A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0707

A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2017-0706

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-0705

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2017-0704

A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0703

A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2017-0684

A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-0667

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-0666

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689.

CVSS: 7.8 CWE: CWE-682 - Incorrect Calculation View on NVD
High

CVE-2017-0665

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-0664

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278.

CVSS: 7.8 CWE: N/A View on NVD
2017-06-29
Medium

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2017-3749

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2017-3747

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileg…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2017-8613

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "A…

CVSS: 8.1 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
High

CVE-2017-8579

The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application…

CVSS: 7.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8576

The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted applicatio…

CVSS: 7.0 CWE: CWE-665 - Improper Initialization View on NVD
2017-06-26
High

CVE-2017-7496

fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary direc…

CVSS: 7.0 CWE: CWE-391 - Unchecked Error Condition View on NVD
2017-06-21
High

CVE-2017-4988

EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected syste…

CVSS: 7.2 CWE: N/A View on NVD
2017-06-15
High

CVE-2017-8552

A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of p…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2017-8551

An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-8494

Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel…

CVSS: 7.3 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8468

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Win…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8466

Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevat…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-8465

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Win…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2017-0298

A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Wind…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2017-0296

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attack…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2017-0193

Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…

CVSS: 7.8 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
2017-06-14
High

CVE-2017-0649

An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Mode…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0648

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High d…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2017-0645

An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-0636

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated…

CVSS: 7.0 CWE: N/A View on NVD
2017-06-13
Critical

CVE-2017-4992

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, a…

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2017-06-09
Medium

CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks aga…

CVSS: 6.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2017-06-08
High

CVE-2017-7180

Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privi…

CVSS: 7.3 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2017-06-05
High

CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request.…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2017-05-30
High

CVE-2017-2305

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allow…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2017-05-28
Critical

CVE-2017-9232

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2017-05-23
High

CVE-2016-1876

The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.

CVSS: 7.8 CWE: CWE-264 View on NVD
2017-05-17
Medium

CVE-2017-4012

Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP re…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2017-8849

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-8422

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

CVSS: 7.8 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
2017-05-12
High

CVE-2017-0623

An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High be…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0622

An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as…

CVSS: 7.0 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2017-0621

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0620

An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue…

CVSS: 7.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-0619

An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rate…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0618

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0617

An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0616

An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0615

An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0614

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the…

CVSS: 7.0 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2017-0613

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the…

CVSS: 7.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-0612

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the…

CVSS: 7.0 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2017-0611

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD