CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 58/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-05-12
High

CVE-2017-0610

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2017-0609

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0608

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-0607

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
High

CVE-2017-0606

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0604

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated…

CVSS: 7.8 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD
Medium

CVE-2017-0601

An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated a…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2017-0597

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-0596

An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0595

An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0594

An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context o…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2017-0593

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general by…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2017-0465

An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi…

CVSS: 7.0 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2016-10291

An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10290

An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10289

An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10288

An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High b…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10287

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10286

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10285

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10284

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10283

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10282

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10281

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10280

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi…

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-10277

An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Cr…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-10276

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-10275

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-10274

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2017-0263

The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Se…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2017-0255

Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-0249

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

CVSS: 7.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-0246

The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607,…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2017-0244

The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause d…

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2017-0241

An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and a…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2017-0233

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulner…

CVSS: 8.3 CWE: N/A View on NVD
High

CVE-2017-0214

Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 201…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0213

Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, an…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2017-0212

Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows H…

CVSS: 7.6 CWE: CWE-20 - Improper Input Validation View on NVD
2017-05-11
Critical

CVE-2017-8898

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack use…

CVSS: 9.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2017-05-08
High

CVE-2016-8202

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate t…

CVSS: 8.8 CWE: CWE-264 View on NVD
2017-05-04
Medium

CVE-2017-4983

EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected…

CVSS: 6.7 CWE: N/A View on NVD
Critical

CVE-2017-8773

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validatio…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2017-05-02
High

CVE-2017-0331

An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Critical

CVE-2017-5689

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged…

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2017-04-28
High

CVE-2017-2125

Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.

CVSS: 8.8 CWE: N/A View on NVD
2017-04-26
High

CVE-2017-7293

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCO…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2017-04-24
Medium

CVE-2017-2318

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integr…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2015-8110

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within t…

CVSS: 7.8 CWE: CWE-264 View on NVD
2017-04-19
High

CVE-2017-7850

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2017-04-14
High

CVE-2016-6299

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

CVSS: 7.8 CWE: CWE-264 View on NVD
2017-04-12
Medium

CVE-2017-0211

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when…

CVSS: 5.5 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
High

CVE-2017-0210

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject i…

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2017-0195

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office O…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-0189

An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0166

An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by runn…

CVSS: 8.1 CWE: CWE-131 - Incorrect Calculation of Buffer Size View on NVD
High

CVE-2017-0165

An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handle…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0158

An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2017-0156

An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0155

The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Window…

CVSS: 7.0 CWE: N/A View on NVD
2017-04-10
High

CVE-2016-8235

Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2017-7622

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Any…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2017-04-07
High

CVE-2017-0583

An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0582

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0581

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0580

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0579

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0578

An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High beca…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0577

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0576

An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated…

CVSS: 7.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-0575

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0574

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0573

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0572

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0571

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0570

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0569

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-131 - Incorrect Calculation of Buffer Size View on NVD
High

CVE-2017-0568

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0567

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0566

An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0565

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0564

An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Criti…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0563

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Cri…

CVSS: 7.8 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2017-0562

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated a…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-0554

An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2017-0553

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because…

CVSS: 7.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-0546

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2017-0545

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec…

CVSS: 7.8 CWE: CWE-682 - Incorrect Calculation View on NVD
High

CVE-2017-0544

An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution…

CVSS: 7.8 CWE: CWE-672 - Operation on a Resource after Expiration or Release View on NVD
High

CVE-2017-0462

An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2017-0454

An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2017-6598

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security…

CVSS: 6.7 CWE: CWE-862 - Missing Authorization View on NVD
2017-04-06
Medium

CVE-2016-5349

The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to le…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-2675

Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.ob…

CVSS: 7.8 CWE: N/A View on NVD
2017-04-05
High

CVE-2017-0339

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0332

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-0329

An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot an…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2017-0327

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2017-0325

An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
2017-04-04
High

CVE-2017-5683

Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access.

CVSS: 7.8 CWE: N/A View on NVD
2017-04-02
High

CVE-2016-2404

Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00;…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2015-8671

Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions.

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2014-9696

The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalat…

CVSS: 8.8 CWE: CWE-264 View on NVD
2017-03-28
Critical

CVE-2016-10152

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root…

CVSS: 9.8 CWE: CWE-264 View on NVD
2017-03-27
High

CVE-2016-10225

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2017-5899

Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a…

CVSS: 7.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2017-03-24
Critical

CVE-2015-8556

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

CVSS: 10.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2017-03-23
High

CVE-2017-5207

Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2016-9775

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 L…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-9774

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2016-9167

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would…

CVSS: 7.5 CWE: CWE-264 View on NVD
2017-03-20
High

CVE-2017-5618

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2017-03-17
High

CVE-2017-6967

xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configuration…

CVSS: 7.3 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2017-0154

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it int…

CVSS: 4.4 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2017-0110

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microso…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-0103

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privi…

CVSS: 7.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-0102

Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-0101

The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-0100

A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 201…

CVSS: 7.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2017-0082

The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is…

CVSS: 7.8 CWE: N/A View on NVD