Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2017-1000373
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows malicious users to consume arbitrary amounts of stack memory and manipulate st...
Openbsd Openbsd
1 EDB exploit
7.2
CVSSv2
CVE-2017-11322
The chroothole_client executable in UCOPIA Wireless Appliance prior to 5.1.8 allows remote malicious users to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
Ucopia Ucopia Wireless Appliance
1 EDB exploit
5
CVSSv2
CVE-2017-5227
QNAP QTS prior to 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
Qnap Qts
1 EDB exploit
6
CVSSv2
CVE-2017-3316
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox before 5.0.32 and before 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
Oracle Vm Virtualbox 5.0.30
Oracle Vm Virtualbox 5.1.12
1 EDB exploit
4.6
CVSSv2
CVE-2019-18862
maidag in GNU Mailutils prior to 3.8 is installed setuid and allows local privilege escalation in the url mode.
Gnu Mailutils
1 EDB exploit
7.2
CVSSv2
CVE-2018-0438
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local malicious user to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is d...
Cisco Umbrella Enterprise Roaming Client
1 EDB exploit
NA
CVE-2023-36594
Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 11 22h2
Microsoft Windows 11 21h2
Microsoft Windows 10 1507
Microsoft Windows 10 1809
Microsoft Windows 10 21h1
Microsoft Windows 10 22h2
7.2
CVSSv2
CVE-2014-4971
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Acces...
Microsoft Windows Xp
4 EDB exploits
NA
CVE-2024-1155
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
7.2
CVSSv2
CVE-2017-0358
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
Tuxera Ntfs-3g
Debian Debian Linux 8.0
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »