Medium
CVE-2000-0851
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerabilit…
Tag: Privilege Escalation
All CVEs associated with "Privilege Escalation". Page 65/66 • 7822 CVEs.
Subscribe CVEs: RSS for “Privilege Escalation” · RSS (High+Critical only)
About “Privilege Escalation”
A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2000-11-14
High
CVE-2000-0852
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
High
CVE-2000-0865
Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.
High
CVE-2000-0867
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
2000-10-20
High
CVE-2000-0712
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
High
CVE-2000-0749
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
High
CVE-2000-0752
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
Critical
CVE-2000-0757
The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.
High
CVE-2000-0763
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.
High
CVE-2000-0794
Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.
High
CVE-2000-0795
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.
High
CVE-2000-0796
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
Critical
CVE-2000-0800
String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.
High
CVE-2000-0801
Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
2000-07-16
Critical
CVE-2000-0666
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
2000-07-12
High
CVE-2000-0372
Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.
2000-06-21
High
CVE-2000-0606
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
High
CVE-2000-0607
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
2000-06-20
High
CVE-2000-0466
AIX cdmount allows local users to gain root privileges via shell metacharacters.
2000-06-14
High
CVE-2000-0471
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
Critical
CVE-2000-0514
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.
2000-06-01
High
CVE-2000-0467
Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function.
2000-05-16
Critical
CVE-2000-0389
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
Critical
CVE-2000-0390
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
Critical
CVE-2000-0391
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
High
CVE-2000-0392
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
2000-04-27
High
CVE-1999-0706
Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
2000-04-24
High
CVE-2000-0316
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
High
CVE-2000-0317
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
High
CVE-2000-0337
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.
2000-04-21
Critical
CVE-2000-0295
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
2000-04-11
High
CVE-1999-0979
The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
2000-04-10
High
CVE-2000-0294
Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.
2000-03-27
High
CVE-2000-0235
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
2000-03-22
High
CVE-2000-0247
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
2000-03-16
High
CVE-2000-0231
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
2000-03-13
High
CVE-2000-0230
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
2000-03-11
High
CVE-2000-0171
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
2000-03-10
High
CVE-2000-0223
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
2000-03-03
High
CVE-2000-0172
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
2000-03-02
High
CVE-1999-0693
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
2000-02-21
Medium
CVE-2000-0163
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
2000-02-16
High
CVE-2000-0094
procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.
2000-02-15
Low
CVE-2000-0224
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
2000-02-03
High
CVE-2000-0218
Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.
2000-01-27
High
CVE-2000-1216
Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine.
2000-01-21
Critical
CVE-2000-0091
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
2000-01-08
Critical
CVE-2000-1220
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, a…
1999-12-31
High
CVE-1999-1307
Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.
High
CVE-1999-1327
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
High
CVE-1999-1382
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting…
Critical
CVE-1999-1584
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root pr…
High
CVE-1999-1585
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with ph…
High
CVE-1999-1589
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
1999-12-21
Critical
CVE-2000-0017
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
1999-12-10
Critical
CVE-1999-0977
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
1999-12-09
Critical
CVE-1999-0974
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
1999-12-07
Critical
CVE-1999-0973
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
1999-12-03
High
CVE-1999-0866
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
1999-12-01
High
CVE-1999-0963
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
1999-11-30
High
CVE-1999-0841
Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.
1999-11-04
High
CVE-1999-1571
Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allow local users to gain root privileges via a long -f parameter, a different vulnerability than CVE-1999-1570.
1999-11-02
High
CVE-1999-0948
Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
High
CVE-1999-0949
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
1999-10-22
High
CVE-2000-0362
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
Medium
CVE-2000-0363
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.
1999-10-04
High
CVE-1999-0942
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
1999-10-01
Critical
CVE-1999-0879
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
1999-09-21
High
CVE-1999-0708
Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.
1999-09-13
High
CVE-1999-0691
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
1999-09-09
High
CVE-1999-0697
SCO Doctor allows local users to gain root privileges through a Tools option.
1999-08-22
Critical
CVE-1999-0878
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
1999-08-10
High
CVE-1999-0813
Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.
1999-07-21
High
CVE-1999-1165
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) r…
1999-07-19
Critical
CVE-1999-0692
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
1999-07-11
High
CVE-1999-1166
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
1999-06-11
High
CVE-1999-0713
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
1999-06-01
High
CVE-2000-0373
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
1999-05-11
High
CVE-1999-0785
The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.
1999-03-17
High
CVE-1999-0420
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.
1999-02-24
High
CVE-1999-1247
Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.
1999-02-18
High
CVE-2000-0367
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.
1999-01-25
High
CVE-1999-1458
Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument.
1999-01-17
High
CVE-1999-0457
Linux ftpwatch program allows local users to gain root privileges.
1998-11-02
High
CVE-1999-1459
BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file.
1998-10-06
High
CVE-1999-1185
Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.
1998-09-29
High
CVE-1999-1181
Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.
1998-05-16
High
CVE-1999-1096
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
1998-04-28
High
CVE-1999-1390
suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.
1998-04-08
High
CVE-1999-1114
Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.
1998-03-01
High
CVE-1999-1272
Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges.
1998-01-21
High
CVE-1999-1487
Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.
1998-01-10
High
CVE-1999-1176
Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script.
1997-12-14
High
CVE-1999-1140
Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.
1997-11-20
High
CVE-1999-1209
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.
1997-11-10
Medium
CVE-1999-1427
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.
1997-11-01
High
CVE-1999-0328
SGI permissions program allows local users to gain root privileges.
1997-09-19
High
CVE-1999-0956
The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.
1997-09-01
High
CVE-1999-1139
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.
1997-08-20
High
CVE-1999-1399
spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed.
1997-07-30
High
CVE-1999-1419
Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.
1997-07-22
High
CVE-1999-0971
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
1997-07-21
High
CVE-1999-1208
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.
1997-06-24
High
CVE-1999-1192
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
1997-05-19
High
CVE-1999-1191
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
1997-05-14
High
CVE-1999-0962
Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.
1997-05-13
High
CVE-1999-1158
Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these…
1997-05-09
Medium
CVE-1999-1410
addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file.
1997-05-03
High
CVE-1999-1116
Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.
1997-04-29
High
CVE-1999-1296
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via th…
1997-03-04
High
CVE-1999-1489
Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument.
1997-02-02
Critical
CVE-1999-1160
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
1997-01-27
High
CVE-1999-0966
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].
1996-12-20
High
CVE-1999-1026
aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.
1996-11-16
High
CVE-1999-0130
Local users can start Sendmail in daemon mode and gain root privileges.
1996-11-03
High
CVE-1999-1161
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
1996-10-30
High
CVE-1999-1384
Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst…
1996-09-21
Medium
CVE-1999-0961
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
1996-09-04
High
CVE-1999-1252
Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.
1996-06-07
High
CVE-1999-1253
Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.