CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 61/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2016-11-15
High

CVE-2016-8661

Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access…

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-11-10
High

CVE-2016-7255

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 160…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2016-7254

Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS E…

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2016-7253

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecif…

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2016-7250

Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL…

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2016-7249

Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation o…

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2016-7246

The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-7238

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016…

CVSS: 7.8 CWE: CWE-264 View on NVD
Medium

CVE-2016-7226

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application,…

CVSS: 6.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-7225

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application,…

CVSS: 6.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-7224

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files…

CVSS: 6.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-7223

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files…

CVSS: 6.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2016-7222

Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privil…

CVSS: 7.8 CWE: CWE-254 View on NVD
High

CVE-2016-7221

Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1…

CVSS: 7.8 CWE: CWE-264 View on NVD
Medium

CVE-2016-7216

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7215

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 160…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-7184

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3343

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3342

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3340

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3338

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3335

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3334

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3333

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-3332

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-0026

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-11-08
High

CVE-2016-4960

For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privile…

CVSS: 7.3 CWE: CWE-20 - Improper Input Validation View on NVD
2016-10-31
High

CVE-2016-8856

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbi…

CVSS: 7.8 CWE: CWE-275 View on NVD
2016-10-14
High

CVE-2016-7211

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…

CVSS: 7.3 CWE: CWE-264 View on NVD
High

CVE-2016-7188

The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted applicatio…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-7185

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: CWE-264 View on NVD
Critical

CVE-2016-7182

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2016-3388

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof…

CVSS: 5.3 CWE: CWE-264 View on NVD
High

CVE-2016-3387

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2016-3376

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2016-3341

The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3270

The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Go…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3266

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: CWE-264 View on NVD
Medium

CVE-2016-0079

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Wi…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-0075

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-0073

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-0070

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-10-13
High

CVE-2016-5425

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows l…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2016-10-03
High

CVE-2016-1240

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2016-09-26
High

CVE-2016-6276

Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-09-14
Medium

CVE-2016-3379

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, a…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2016-3373

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe…

CVSS: 5.5 CWE: CWE-264 View on NVD
Medium

CVE-2016-3372

The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cau…

CVSS: 6.6 CWE: CWE-264 View on NVD
Medium

CVE-2016-3371

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-3355

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3349

The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Wi…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3348

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3346

Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka "Windows Permissions Enforcement Elevat…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3306

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishand…

CVSS: 7.8 CWE: CWE-19 View on NVD
High

CVE-2016-3305

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishand…

CVSS: 7.8 CWE: CWE-19 View on NVD
Medium

CVE-2016-3302

Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows…

CVSS: 6.3 CWE: CWE-264 View on NVD
Medium

CVE-2016-3292

Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Exp…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2016-08-09
High

CVE-2016-3311

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3310

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3309

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2016-3308

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3300

The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges b…

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-07-13
High

CVE-2016-5821

Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3286

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.3 CWE: CWE-264 View on NVD
High

CVE-2016-3254

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3252

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.3 CWE: CWE-264 View on NVD
High

CVE-2016-3250

The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS: 7.3 CWE: CWE-264 View on NVD
High

CVE-2016-3249

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.3 CWE: CWE-264 View on NVD
High

CVE-2016-3239

The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511…

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-06-24
High

CVE-2016-5723

Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-06-16
Critical

CVE-2016-3236

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT…

CVSS: 9.8 CWE: CWE-19 View on NVD
High

CVE-2016-3231

The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of…

CVSS: 7.8 CWE: CWE-19 View on NVD
High

CVE-2016-3225

The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3223

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authenticatio…

CVSS: 8.1 CWE: CWE-264 View on NVD
High

CVE-2016-3221

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3220

atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Wi…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3219

The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3218

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3213

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT…

CVSS: 8.8 CWE: CWE-264 View on NVD
2016-05-23
High

CVE-2016-2855

The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION…

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-05-11
High

CVE-2016-0197

dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gol…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0196

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0180

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles sym…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0178

The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishan…

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2016-0176

dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0174

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0173

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0171

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-04-18
High

CVE-2016-3943

Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which al…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2015-7378

Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2016-04-12
High

CVE-2016-0167

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2016-0165

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2016-0161

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-015…

CVSS: 6.5 CWE: CWE-254 View on NVD
Medium

CVE-2016-0158

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-016…

CVSS: 6.5 CWE: CWE-254 View on NVD
High

CVE-2016-0143

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0135

The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-03-09
Medium

CVE-2016-0133

The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold…

CVSS: 6.8 CWE: CWE-264 View on NVD
High

CVE-2016-0099

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 15…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2016-0096

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0095

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0094

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0093

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0087

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Window…

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-02-18
High

CVE-2016-0069

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vu…

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2016-0068

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vu…

CVSS: 8.8 CWE: CWE-264 View on NVD
2016-02-10
High

CVE-2016-0051

The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0048

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0040

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege V…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2016-0036

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code v…

CVSS: 8.1 CWE: CWE-264 View on NVD
2016-01-13
High

CVE-2016-0020

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2016-0014

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandl…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2016-0007

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Win…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-0006

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Win…

CVSS: 7.3 CWE: CWE-264 View on NVD
Medium

CVE-2016-0005

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2015-12-09
High

CVE-2015-6175

The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability."

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2015-6174

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2015-6173

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2015-6171

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and…

CVSS: 7.2 CWE: CWE-264 View on NVD
Medium

CVE-2015-6170

Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability."

CVSS: 6.8 CWE: CWE-264 View on NVD
Critical

CVE-2015-6139

Microsoft Internet Explorer 11 and Microsoft Edge mishandle content types, which allows remote attackers to execute arbitrary web script in a privileged context via a crafted web site, aka "Microsoft…

CVSS: 9.3 CWE: CWE-264 View on NVD