Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elevation of privilege vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-12614
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is p...
Beyondtrust Privilege Management For Windows
8.8
CVSSv3
CVE-2020-12613
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the proce...
Beyondtrust Privilege Management For Windows
4.4
CVSSv3
CVE-2020-8152
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an malicious user to replace the public key to decrypt them later on.
Nextcloud Nextcloud Server
2 Github repositories
6.5
CVSSv3
CVE-2020-3153
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local malicious user to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect hand...
Cisco Anyconnect Secure Mobility Client
4 Github repositories
1 Article
7.8
CVSSv3
CVE-2020-8290
Backblaze for Windows and Backblaze for macOS prior to 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue cl...
Backblaze Backblaze
2 Github repositories
7.8
CVSSv3
CVE-2023-35631
Win32k Elevation of Privilege Vulnerability
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 23h2
Microsoft Windows Server 2022 23h2
7.8
CVSSv3
CVE-2024-21346
Win32k Elevation of Privilege Vulnerability
Microsoft Windows 11 23h2
Microsoft Windows 11 22h2
Microsoft Windows 11 21h2
Microsoft Windows Server 2022 23h2
8.8
CVSSv3
CVE-2024-21345
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows Server 2022 23h2
2 Github repositories
7.8
CVSSv3
CVE-2018-8410
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Wi...
Microsoft Windows 10 -
Microsoft Windows 10 1607
Microsoft Windows 10 1703
Microsoft Windows 10 1803
Microsoft Windows 8.1 -
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2008
Microsoft Windows 10 1709
Microsoft Windows 7 -
1 EDB exploit
1 Github repository
7.8
CVSSv3
CVE-2018-18536
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and previous versions expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Asus Aura Sync Firmware 1.07.22
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »