CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 63/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2011-07-13
High

CVE-2011-1281

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2011-06-16
High

CVE-2011-1249

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Go…

CVSS: 7.2 CWE: CWE-264 View on NVD
2011-06-09
High

CVE-2011-1823

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privile…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2011-02-09
Medium

CVE-2011-0030

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive info…

CVSS: 4.7 CWE: CWE-264 View on NVD
2011-02-04
High

CVE-2011-0649

Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before…

CVSS: 7.2 CWE: N/A View on NVD
2011-01-20
Medium

CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who…

CVSS: 6.9 CWE: N/A View on NVD
2010-11-10
Medium

CVE-2010-2733

Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-09-15
Medium

CVE-2010-1891

The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properl…

CVSS: 6.9 CWE: CWE-264 View on NVD
Critical

CVE-2010-3009

Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.

CVSS: 9.0 CWE: N/A View on NVD
2010-08-16
Medium

CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a proc…

CVSS: 6.8 CWE: CWE-264 View on NVD
2010-04-01
Critical

CVE-2010-1225

The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does…

CVSS: 9.3 CWE: CWE-264 View on NVD
2009-12-29
Medium

CVE-2009-4452

Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and…

CVSS: 6.8 CWE: CWE-264 View on NVD
2009-09-11
Medium

CVE-2008-7211

CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moad…

CVSS: 6.9 CWE: N/A View on NVD
2009-07-31
Critical

CVE-2009-1863

Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly…

CVSS: 9.3 CWE: CWE-264 View on NVD
2009-07-21
High

CVE-2009-2564

NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\…

CVSS: 7.2 CWE: CWE-264 View on NVD
2009-06-08
High

CVE-2008-6827

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "…

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2009-04-10
Critical

CVE-2008-6710

Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain ro…

CVSS: 9.0 CWE: N/A View on NVD
Critical

CVE-2008-6708

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated admin…

CVSS: 9.0 CWE: N/A View on NVD
2009-03-30
High

CVE-2008-6559

Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a fil…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2008-6558

Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable t…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2009-03-25
Medium

CVE-2009-0207

Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxf…

CVSS: 6.8 CWE: N/A View on NVD
2009-01-30
High

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2008-10-15
High

CVE-2008-4036

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application th…

CVSS: 8.4 CWE: CWE-189 View on NVD
2008-08-20
Critical

CVE-2008-3733

Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a Projec…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-08-08
Critical

CVE-2008-3552

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP pri…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2008-3553

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and per…

CVSS: 10.0 CWE: CWE-264 View on NVD
2008-06-03
Critical

CVE-2008-2540

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into…

CVSS: 9.3 CWE: CWE-264 View on NVD
2008-05-08
High

CVE-2008-2112

Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.

CVSS: 8.5 CWE: N/A View on NVD
2008-04-16
Medium

CVE-2008-1811

Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the prev…

CVSS: 5.5 CWE: N/A View on NVD
2008-03-27
Critical

CVE-2008-1235

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause…

CVSS: 9.3 CWE: N/A View on NVD
2008-02-13
Medium

CVE-2007-5757

Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE envir…

CVSS: 6.9 CWE: CWE-264 View on NVD
2008-02-12
High

CVE-2008-0600

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted ar…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-0697

Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-264 View on NVD
2008-02-08
Medium

CVE-2008-0415

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attack…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2008-01-04
High

CVE-2007-6645

Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."

CVSS: 7.5 CWE: CWE-264 View on NVD
2007-11-05
Medium

CVE-2007-5829

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permi…

CVSS: 6.0 CWE: CWE-264 View on NVD
2007-10-30
Medium

CVE-2007-4277

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) fo…

CVSS: 6.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-10-04
Medium

CVE-2007-5194

The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain r…

CVSS: 6.9 CWE: CWE-264 View on NVD
2007-08-18
Medium

CVE-2007-4270

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.

CVSS: 6.9 CWE: N/A View on NVD
2007-08-17
High

CVE-2007-4390

The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying opera…

CVSS: 7.2 CWE: CWE-264 View on NVD
2007-08-15
Medium

CVE-2007-4353

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall program…

CVSS: 6.9 CWE: N/A View on NVD
2007-08-08
Medium

CVE-2007-4236

Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2007-4237

Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2007-4238

AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.

CVSS: 6.9 CWE: N/A View on NVD
2007-07-27
Medium

CVE-2007-1354

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user,…

CVSS: 6.0 CWE: N/A View on NVD
2007-05-24
High

CVE-2007-0752

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins…

CVSS: 7.2 CWE: N/A View on NVD
2007-04-04
High

CVE-2006-5586

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invali…

CVSS: 7.2 CWE: N/A View on NVD
2007-03-09
Medium

CVE-2007-1370

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_…

CVSS: 6.2 CWE: N/A View on NVD
2007-02-22
Medium

CVE-2007-1065

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Cl…

CVSS: 6.8 CWE: N/A View on NVD
2007-01-18
Medium

CVE-2007-0345

The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/…

CVSS: 6.8 CWE: N/A View on NVD
2006-12-10
High

CVE-2006-6418

Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREAD_CONFIG environment variable.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-12-06
Medium

CVE-2006-6308

Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser win…

CVSS: 4.3 CWE: N/A View on NVD
2006-11-28
Medium

CVE-2006-6131

Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privi…

CVSS: 6.2 CWE: N/A View on NVD
2006-11-22
High

CVE-2006-3973

My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.

CVSS: 7.2 CWE: N/A View on NVD
2006-11-18
High

CVE-2006-4413

Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root…

CVSS: 7.2 CWE: N/A View on NVD
2006-11-08
Medium

CVE-2006-5808

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to ga…

CVSS: 4.6 CWE: N/A View on NVD
2006-09-07
Medium

CVE-2006-4619

The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and…

CVSS: 4.6 CWE: N/A View on NVD
2006-08-23
High

CVE-2006-4316

SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-3745

Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (pani…

CVSS: 7.2 CWE: N/A View on NVD
2006-08-09
High

CVE-2006-3443

Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directo…

CVSS: 7.2 CWE: CWE-264 View on NVD
2006-07-18
Medium

CVE-2006-3626

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

CVSS: 6.2 CWE: N/A View on NVD
2006-07-06
High

CVE-2006-3378

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileg…

CVSS: 7.2 CWE: N/A View on NVD
2006-06-15
High

CVE-2006-2916

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causin…

CVSS: 7.8 CWE: CWE-273 - Improper Check for Dropped Privileges View on NVD
2006-06-13
Critical

CVE-2006-2373

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCsc…

CVSS: 10.0 CWE: CWE-264 View on NVD
2006-05-25
High

CVE-2006-2607

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or res…

CVSS: 7.2 CWE: N/A View on NVD
2006-03-30
High

CVE-2006-1506

Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
2006-03-24
High

CVE-2006-1379

Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs s…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-1380

ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local us…

CVSS: 7.2 CWE: CWE-264 View on NVD
Critical

CVE-2006-1381

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.

CVSS: 10.0 CWE: N/A View on NVD
2006-03-23
High

CVE-2006-1283

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might all…

CVSS: 7.2 CWE: N/A View on NVD
2006-02-08
High

CVE-2006-0577

Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option,…

CVSS: 7.2 CWE: N/A View on NVD
2005-12-31
High

CVE-2005-3629

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to ga…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2005-4776

Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause…

CVSS: 7.2 CWE: N/A View on NVD
2005-12-28
High

CVE-2005-3345

rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.

CVSS: 7.2 CWE: N/A View on NVD
2005-12-14
High

CVE-2005-3360

The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (d…

CVSS: 7.2 CWE: N/A View on NVD
2005-11-29
High

CVE-2005-3886

Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certa…

CVSS: 7.2 CWE: N/A View on NVD
2005-11-23
Medium

CVE-2005-3784

The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of serv…

CVSS: 4.9 CWE: CWE-399 View on NVD
2005-10-20
High

CVE-2005-3269

Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2005-05-02
High

CVE-2005-0816

Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
Critical

CVE-2005-1037

Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2005-1040

Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."

CVSS: 7.2 CWE: N/A View on NVD
2005-01-27
High

CVE-2004-0887

SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-2012

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before settin…

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2004-2125

Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI fil…

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2004-2430

Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privilege…

CVSS: 7.2 CWE: N/A View on NVD
2004-09-28
High

CVE-2003-1052

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.

CVSS: 7.2 CWE: N/A View on NVD
2004-08-06
High

CVE-2004-0213

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sen…

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2004-0524

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.

CVSS: 10.0 CWE: N/A View on NVD
2004-07-30
High

CVE-2004-1707

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, whic…

CVSS: 7.2 CWE: N/A View on NVD
2004-04-15
High

CVE-2003-1033

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver progra…

CVSS: 7.2 CWE: N/A View on NVD
2004-03-15
High

CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are…

CVSS: 7.2 CWE: N/A View on NVD
2004-03-03
High

CVE-2004-0077

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number…

CVSS: 7.2 CWE: N/A View on NVD
2004-02-03
High

CVE-2003-0994

The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and…

CVSS: 7.2 CWE: N/A View on NVD
2004-01-14
High

CVE-2004-1764

Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.

CVSS: 7.2 CWE: N/A View on NVD
2003-12-31
Critical

CVE-2003-0959

Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vecto…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2003-1082

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

CVSS: 7.2 CWE: N/A View on NVD
Critical

CVE-2003-1361

Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.

CVSS: 10.0 CWE: N/A View on NVD
2003-12-15
High

CVE-2003-0936

Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0938

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0961

Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
2003-11-17
High

CVE-2003-0840

Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.

CVSS: 7.2 CWE: N/A View on NVD
2003-10-06
Critical

CVE-2003-0690

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as de…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2003-0697

Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0758

Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0759

Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0783

Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
Critical

CVE-2003-0784

Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd,…

CVSS: 10.0 CWE: N/A View on NVD
2003-09-22
Critical

CVE-2003-0722

The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain…

CVSS: 10.0 CWE: N/A View on NVD
2003-08-27
Critical

CVE-2003-0575

Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2003-0597

Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0609

Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0631

VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual ma…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2003-0655

rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is…

CVSS: 7.2 CWE: N/A View on NVD
2003-07-02
High

CVE-2003-0385

Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option.

CVSS: 7.2 CWE: N/A View on NVD
2003-06-19
High

CVE-2003-1067

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to…

CVSS: 7.2 CWE: N/A View on NVD
2003-06-06
High

CVE-2003-1068

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

CVSS: 7.2 CWE: N/A View on NVD
2003-05-27
Medium

CVE-2003-0261

fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2003-0262

leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, whic…

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2003-0265

Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by…

CVSS: 6.2 CWE: N/A View on NVD
2003-05-12
High

CVE-2003-0221

The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack.

CVSS: 7.2 CWE: N/A View on NVD