CWE-269: Improper Privilege Management

This vulnerability allows local attackers to escalate privileges on Windows systems by exploiting a flaw in the Container Manager Service. Attackers c...

CVE-2020-27518 is a local privilege escalation vulnerability in Windscribe VPN's WindscribeService component. Attackers with low-privilege access can ...

CVE-2020-27519 is a local privilege escalation vulnerability in Pritunl Client's pritunl-service component. Attackers can exploit malicious OpenVPN co...

This vulnerability allows local users on Debian systems with xscreensaver 5.42+dfsg1-1 to escalate privileges due to improper capability assignment. T...

CVE-2021-21981 is a privilege escalation vulnerability in VMware NSX-T where local guest users can assign themselves higher RBAC privileges than autho...

This CVE describes a local privilege escalation vulnerability in McAfee DLP Endpoint for Windows. A low-privileged local attacker can write to arbitra...

CVE-2021-28313 is an elevation of privilege vulnerability in Microsoft's Diagnostics Hub Standard Collector Service. It allows authenticated attackers...

CVE-2021-1802 is a local privilege escalation vulnerability in macOS that allows an attacker with local access to gain elevated system privileges. Thi...

CVE-2021-1787 is a privilege escalation vulnerability in Apple operating systems that allows a local attacker to gain elevated privileges. This affect...

This macOS vulnerability allows malicious applications to bypass security restrictions and gain elevated privileges. It affects macOS systems running ...

CVE-2020-27938 is a privilege escalation vulnerability in macOS that allows malicious applications to gain elevated system privileges. This affects ma...

CVE-2021-28250 is a privilege escalation vulnerability in CA eHealth Performance Manager where the runpicEhealth executable improperly handles setuid/...

This CVE describes a local privilege escalation vulnerability in Netop Vision Pro Windows clients. It allows a local user with standard privileges to ...

CVE-2021-1640 is a privilege escalation vulnerability in the Windows Print Spooler service that allows authenticated attackers to execute arbitrary co...

CVE-2021-24102 is a Windows Event Tracing elevation of privilege vulnerability that allows authenticated attackers to execute arbitrary code with SYST...

This vulnerability in Microsoft Defender allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by exploiting improper hand...

This is a Windows Win32k elevation of privilege vulnerability that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. It...

This vulnerability allows a local attacker to escalate privileges to root by manipulating video output paths in ReplaySorcery's default setuid-root co...

This vulnerability allows local attackers to bypass Android's permission system by exploiting a flaw in how binder identities are restored in the Acti...

This vulnerability allows a local user on a Windows system to bypass security controls in McAfee Total Protection, gaining SYSTEM-level privileges to ...

CVE-2021-1687 is an elevation of privilege vulnerability in Windows WalletService that allows authenticated attackers to execute arbitrary code with S...

CVE-2021-1689 is an elevation of privilege vulnerability in Windows Multipoint Management that allows authenticated attackers to execute arbitrary cod...

CVE-2021-1693 is an elevation of privilege vulnerability in the Windows Client Side Caching (CSC) service. It allows authenticated attackers to execut...

CVE-2021-1695 is an elevation of privilege vulnerability in the Windows Print Spooler service that allows authenticated attackers to execute arbitrary...

CVE-2021-1697 is an elevation of privilege vulnerability in Windows InstallService that allows authenticated attackers to execute arbitrary code with ...

CVE-2021-1702 is an elevation of privilege vulnerability in Windows Remote Procedure Call (RPC) Runtime that allows authenticated attackers to execute...

CVE-2021-1680 is an elevation of privilege vulnerability in Windows Diagnostics Hub Standard Collector. It allows authenticated attackers to execute a...

CVE-2021-1653 is an elevation of privilege vulnerability in the Windows Client Side Caching (CSC) service. It allows authenticated attackers to execut...

This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on Windows systems by exploiting the Client Side ...

CVE-2021-1657 is a remote code execution vulnerability in the Windows Fax Compose Form. An attacker could exploit this by tricking a user into opening...

This vulnerability allows a local authenticated attacker to execute arbitrary code with SYSTEM privileges on Windows systems. It affects Windows Clien...

This vulnerability in Windows AppX Deployment Extensions allows attackers to elevate privileges on affected systems. An authenticated attacker could e...

This vulnerability in Microsoft's Active Template Library allows attackers to execute arbitrary code with elevated privileges on affected systems. It ...

This vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges on Windows systems. It affects Windows 10, Windows Server ...

This vulnerability allows Android apps to bypass permission checks during major version upgrades, granting them the ACTIVITY_RECOGNITION permission wi...

CVE-2018-8724 is a local privilege escalation vulnerability in K7AntiVirus Premium where the K7TSMngr.exe component has incorrect access control. This...

This vulnerability allows local attackers to escalate privileges on systems running vulnerable Backblaze backup software. By exploiting improper permi...

CVE-2020-25106 is a privilege escalation vulnerability in Nanosystems SupRemo 4.1.3.2348 that allows attackers to rename the legitimate Supremo.exe fi...

This CVE-2020-9114 is a privilege escalation vulnerability in Huawei FusionCompute virtualization software. Attackers with common user privileges can ...

This Windows Installer vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges by exploiting improper input sanitizatio...

CVE-2019-1162 is a Windows privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) mechanism. An attacker with local access can...

This vulnerability allows any authenticated Rocket.Chat user to access OAuth application credentials (client_id and client_secret) by querying the /ap...

A Local Privilege Escalation vulnerability in K7 Ultimate Security allows unprivileged local users to edit any registry key via insecure named pipe ac...

An authenticated attacker can exploit improper input validation in MAAS's websocket handler to self-promote to administrator by injecting the is_super...

This vulnerability in Oracle Database Server's Java VM component allows attackers with low privileges (Create Session, Create Procedure) and network a...

This vulnerability in EnterpriseDB Postgres Advanced Server (EPAS) allows low-privilege users using the edbldr utility to bypass role permissions and ...

This CVE describes an improper privilege management vulnerability in Lunar software that allows attackers to perform secondary process injection. By e...

This vulnerability in PingDirectory's Delegated Admin Privilege virtual attribute provider plugin allows authenticated users to elevate their permissi...

This CVE describes a local privilege escalation vulnerability in apport-cli versions 2.26.0 and earlier. It allows unprivileged users to gain root pri...

This vulnerability in FortiClient for Windows allows a local attacker to write arbitrary files to the system due to unnecessary privileges. It affects...