Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-4107

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-19 May, 2022 | 21:25
Updated At-16 Sep, 2024 | 21:03
Rejected At-
Credits

HCL Domino is affected by an Insufficient Access Control vulnerability

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:19 May, 2022 | 21:25
Updated At:16 Sep, 2024 | 21:03
Rejected At:
▼CVE Numbering Authority (CNA)
HCL Domino is affected by an Insufficient Access Control vulnerability

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
HCL Domino
Versions
Affected
  • 9, 10 and 11
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability: SharedMemoryAllowOnly=1 Note that enabling this protection can impact some activities, see additional information in article, KB0090343. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090343

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221
x_refsource_MISC
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221
x_refsource_MISC
x_transferred
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:19 May, 2022 | 22:15
Updated At:20 Sep, 2022 | 19:20

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

HCL Technologies Ltd.
hcltech
>>domino>>9.0
cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltech
>>domino>>10.0
cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltech
>>domino>>11.0
cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-284Secondarypsirt@hcl.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: psirt@hcl.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221psirt@hcl.com
Vendor Advisory
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221
Source: psirt@hcl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

313Records found

CVE-2022-29871
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.29%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_platinum_8153xeon_platinum_8276latom_x6212receleron_j1750core_i7-8705gxeon_platinum_9222core_i7-8665uz270xeon_w-3245mxeon_gold_6230tcore_i3-8300tpentium_j2850xeon_gold_6146core_i7-8706gcore_i7-1068ng7xeon_gold_6126txeon_w-3225core_i5-1035g7core_i7-10850hxeon_gold_5115xeon_platinum_8170xeon_gold_6136hm570core_i5-8400hceleron_j1850core_i7-8700celeron_n6210core_i5-10400fcore_i5-8400wm490xeon_gold_6138core_i3-10300core_i7-10700txeon_gold_6246core_i7-8086kceleron_4305ucore_i5-10210uceleron_n2815xeon_platinum_8164core_i5-8257ucore_i7-8700kcore_i5-10200hxeon_gold_6234xeon_gold_6238rq150converged_security_management_engine_firmwarecore_i5-1035g4celeron_n2940core_i3-8145ucore_i5-10400hceleron_4205uceleron_n5105h670xeon_gold_5215core_i3-10100yceleron_j3455core_i5-10400tcore_i3-8109uxeon_gold_6262vxeon_platinum_8168core_i5-10310ucore_i5-10505c246core_i5-1030g7xeon_gold_5218celeron_n4500cm236hm370pentium_n6415xeon_silver_4109tcore_i3-1000g1core_i7-10510yxeon_gold_5215lxeon_silver_4215rceleron_j3160core_i3-10110uxeon_gold_6138fxeon_gold_5122celeron_n3150celeron_n4100xeon_silver_4210tceleron_n3060xeon_gold_6212ucore_i5-10400hm470core_i5-8400bxeon_silver_4114xeon_gold_6248rcore_i5-10500tecore_i3-10105fcore_i3-8100hhm670xeon_gold_6258rxeon_bronze_3104h110core_i5-l16g7core_i5-10300hceleron_n4120xeon_gold_6240xeon_gold_6240lxeon_gold_6238lxeon_gold_6250core_i5-8350ucore_i9-10980hkw580q270xeon_platinum_8156c236core_i5-8600core_i5-8500tcore_i7-10510uxeon_w-3265mceleron_n2840atom_x6214receleron_j4125core_i3-10100ecore_i3-8100core_i7-1060g7celeron_n2910core_i9-10900celeron_n2930h410h570pentium_n3510xeon_gold_6126fcore_i3-10100txeon_gold_5218tcore_i9-8950hkxeon_gold_6150core_i9-10900ecore_i9-10850kxeon_gold_5220rxeon_gold_6140qm480pentium_n3700core_i9-10900kh270core_i5-8600kxeon_platinum_8160fq470core_i9-10900fcore_i5-8400tpentium_n3520core_i7-8750hxeon_gold_6250lcore_i7-10700core_i5-8365uqm580celeron_j3060b150h510xeon_gold_6210uc252celeron_n3160core_i3-10100term590exeon_gold_6126core_i3-10105tcore_i9-10885hcore_i7-10700fcore_i3-10325pentium_n3540z690core_i7-10750hxeon_silver_4216xeon_gold_6230xeon_platinum_8253q470ecore_i3-8300core_i3-1000g4core_i7-10875hwm690xeon_silver_4116tatom_x6427feq370core_i7-8809gcore_i3-8145ueceleron_j4105xeon_gold_6142fcore_i3-l13g4core_i7-8700bcore_i7-8709gcore_i3-10100b560xeon_gold_6238celeron_j1800xeon_gold_6130celeron_j1900z590core_i3-8100tq670xeon_silver_4208celeron_n4505xeon_platinum_8260h170core_i5-10210yh310wm590core_i7-8557ub660core_i5-10500eatom_x5-e3930xeon_gold_5220sxeon_w-3275mceleron_j3355core_i7-8700tatom_x7-e3950xeon_platinum_9242core_i5-8300hxeon_platinum_9282core_i5-10600tcore_i3-10110yxeon_platinum_8280lcore_i5-10600kfxeon_silver_4110core_i7-8650uxeon_bronze_3204core_i7-10700eceleron_j3355exeon_gold_5119txeon_silver_4108xeon_gold_6130tatom_x6414rec242xeon_silver_4210xeon_gold_6246rz370celeron_n3700core_i7-10870hxeon_gold_5217w480core_i5-1035g1core_i5-1038ng7h420exeon_gold_6230nhm170xeon_w-3265xeon_gold_5218nz170xeon_bronze_3106xeon_gold_6138tcm246xeon_w-3245x299xeon_gold_5120celeron_n3350core_i5-8500bcore_i7-10700kceleron_n3050core_i5-8269uceleron_n5095pentium_silver_j5005core_i5-1030g4celeron_n3520core_i7-10700teceleron_n3000xeon_gold_5220xeon_platinum_8160tceleron_n2807core_i5-10500xeon_silver_4214ratom_x6425exeon_gold_6254pentium_j3710xeon_silver_4114tpentium_j2900xeon_gold_6240yq570xeon_gold_6154core_i7-10710uq670ecore_i7-10700kfh370xeon_gold_6208ucore_i5-8279uxeon_platinum_8268w480epentium_n3530core_i7-8565uxeon_gold_5222xeon_w-3275core_i5-8250uatom_x6425receleron_n2820core_i3-10305b365xeon_silver_4209txeon_silver_4116hm175xeon_gold_6252ncore_i5-8259uxeon_platinum_9221xeon_gold_6244xeon_platinum_8160celeron_n2805celeron_n2806atom_x6416rexeon_gold_6248core_i5-10600kqm170atom_x5-e3940r680eceleron_4305uecore_i3-8140uxeon_platinum_8280core_m3-8100ycore_i9-10900kfcore_i3-10105pentium_n4200q170xeon_gold_6148fb460xeon_gold_6132celeron_n3350exeon_platinum_8256xeon_gold_6152xeon_platinum_8158hm570ecore_i7-8550ucore_i5-10310yceleron_n3010atom_x6211exeon_gold_6222vpentium_j6426core_i5-10500hxeon_platinum_8176xeon_gold_6242core_i5-8260uceleron_n2808celeron_j4025pentium_j4205c422qm175core_i7-10810ub250xeon_gold_6142xeon_platinum_8260yxeon_platinum_8270celeron_j6413c256xeon_gold_6242rxeon_gold_6128xeon_silver_4215core_i7-8850hxeon_gold_5118xeon_gold_6130fcore_i7-10610ucore_i3-10100fw680core_i7-8500yceleron_n2920atom_x6413eb360core_i5-10600xeon_silver_4214xeon_platinum_8276xeon_gold_6238txeon_silver_4210rxeon_silver_4214ycore_i7\+8700core_i5-8210yceleron_n6211xeon_gold_5218bxeon_gold_6138pcore_i5-8365uecore_i7-8665uexeon_platinum_8176fceleron_n4000celeron_n2830celeron_j3455exeon_gold_6240rpentium_n4200ecore_i3-10320core_i9-10900tcore_i5-8200ycore_i3-10300tcore_i5-8310yceleron_n3450qm580eceleron_n5100pentium_n3710celeron_n4020core_i5-8500xeon_gold_6209uh610xeon_silver_4112qm370celeron_j6412xeon_w-3223xeon_gold_6226xeon_gold_6256celeron_n2810xeon_gold_5120txeon_gold_6230rxeon_w-3175xcore_i7-8569uxeon_gold_6252atom_x6200fexeon_gold_6134q250z490core_i5-8265ucore_i5-10500txeon_w-3235h610epentium_gold_5405uxeon_gold_5218rxeon_gold_6226rcore_i3-1005g1celeron_j4005xeon_bronze_3206rcore_i3-8100bcore_i3-10305tcore_i3-8350kxeon_gold_6148c232core_i5-8600tcore_i5-8305gxeon_gold_6144pentium_silver_j5040core_i7-1065g7xeon_platinum_8260lcm238core_i7-8559ucore_i9-10900texeon_platinum_8180z390c420core_i3-8130uh470xeon_gold_5220tIntel(R) CSME software installerintel_csme_software_installer
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-53010
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 0.11%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:52
Updated-28 Nov, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core

Memory corruption may occur while attaching VM when the HLOS retains access to VM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380qcs6490_firmwaresdx80msdx55snapdragon_888_5g_mobile_platform_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmwareqca6310_firmwareqca6688aqqam8650psd670_firmwareqca6420_firmwarewcd9340_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_x72_5g_modem-rf_systemsa6155psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)qamsrv1m_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_8\+_gen_2_mobile_platformsnapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmwareqfw7124_firmwareqcs8550snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwareaqt1000qdx1011snapdragon_8cx_compute_platform_\(sc8180x-ab\)qep8111_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresm7325p_firmwareqam8255p_firmwarevision_intelligence_400_platformsrv1l_firmwaresnapdragon_x50_5g_modem-rf_systemsa8150p_firmwareqcm8550_firmwareqamsrv1h_firmwaresm4635_firmwaresd855wcd9341_firmwaresnapdragon_auto_5g_modem-rf_gen_2sd_8_gen1_5gsnapdragon_845_mobile_platformsnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwareqam8295pssg2115pwcd9385_firmwareqcm6490_firmwaresa7255p_firmwaresnapdragon_x62_5g_modem-rf_systemqep8111qca6391sa8295p_firmwareqca6335_firmwareqca6584au_firmwareqcs6490snapdragon_x72_5g_modem-rf_system_firmwaresd_675_firmwaresnapdragon_x62_5g_modem-rf_system_firmwarewsa8810sc8380xp_firmwareqcm8550snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwarewsa8815sm7315snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmwaresrv1hqcm4490_firmwaresnapdragon_855_mobile_platformqdu1010_firmwarewcd9326_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)snapdragon_778g_5g_mobile_platform_firmwareqca6421_firmwaresnapdragon_x32_5g_modem-rf_system_firmwaresm8550p_firmwareqru1062_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwareqca6574au_firmwaresd_8_gen1_5g_firmwarewcd9378snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)sa8530pqca6595au_firmwaresnapdragon_8_gen_2_mobile_platformqdx1010wcn3980qca6584auqcn6274snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)vision_intelligence_300_platform_firmwaresa8150psnapdragon_ar1_gen_1_platform_\"luna1\"_firmwareqca6797aqqam8650p_firmwareqcn6224_firmwareqca6564asa8155psnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)sa8540p_firmwarewcd9385wcd9380_firmwareqca9377_firmwareqca6574asnapdragon_675_mobile_platformwcd9340snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)qca6436wsa8845_firmwarewcd9341sa7255pqca6426_firmwarefastconnect_6200sd888sg8275p_firmwareqca8337_firmwaresnapdragon_x35_5g_modem-rf_systemwcn3988_firmwaresnapdragon_675_mobile_platform_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmwareqca6698aqsnapdragon_8c_compute_platform_\(sc8180x-ad\)_firmwarewsa8832aqt1000_firmwaresd675_firmwareqdu1210snapdragon_ar1_gen_1_platform_firmwareqsm8350_firmwaresnapdragon_7c\+_gen_3_computeqcn6224snapdragon_ar1_gen_1_platformsnapdragon_670_mobile_platform_firmwaresdx57m_firmwaresnapdragon_x24_lte_modemwcd9370qca8081_firmwareqcc710_firmwareqca6698aq_firmwarefastconnect_6800qca6574a_firmwarewsa8832_firmwaresa8650psxr2230p_firmwareqca6678aq_firmwareqsm8350sm7250psm8550pwcd9378_firmwareqca6431_firmwareqcn9274_firmwareqcs5430ssg2115p_firmwaresm7315_firmwarewsa8845h_firmwarewcd9395_firmwaresd670snapdragon_x35_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqca6678aqsa9000pwsa8835_firmwaresa8295psnapdragon_888_5g_mobile_platformwcd9390ar8035sc8380xpqdx1011_firmwaresa8775p_firmwaresdx55_firmwarewcn3988qam8775psa8540pqca6696_firmwarevision_intelligence_300_platformvision_intelligence_400_platform_firmwareqca6797aq_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6564au_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmwaresa8650p_firmwaresnapdragon_678_mobile_platform_\(sm6150-ac\)qcn9011_firmwarerobotics_rb3_platform_firmwareqcs4490_firmwaresxr2250p_firmwaresnapdragon_780g_5g_mobile_platformsrv1mqcn9012_firmwarewcd9395sxr2250pqcn9012qcm4490qru1052sxr2330p_firmwarewsa8810_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwareqdu1210_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)qdu1110_firmwarewsa8840snapdragon_778g_5g_mobile_platformsxr1230pqdu1110qca9377wsa8840_firmwarefastconnect_6700_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresa8155_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmwareqdu1000fastconnect_6700sm7250p_firmwarewcn3950_firmwareqca6696wcn3980_firmwareqcm5430_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\)sxr2330pqcs8550_firmwarewsa8845hqca6426qdx1010_firmwareqca6310snapdragon_780g_5g_mobile_platform_firmwaresdx57mqcn9011snapdragon_8\+_gen_1_mobile_platformssg2125p_firmwareqcn9274snapdragon_865_5g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)qam8295p_firmwaresnapdragon_x32_5g_modem-rf_systemsm7325pqcs9100qfw7114wcd9326snapdragon_4_gen_2_mobile_platformsnapdragon_x55_5g_modem-rf_systemqca6421wcd9370_firmwaresnapdragon_855_mobile_platform_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_8_gen_1_mobile_platformar8035_firmwaresrv1lwsa8845qdu1010sdx80m_firmwaresnapdragon_865_5g_mobile_platform_firmwaresa8155qamsrv1hqru1062snapdragon_845_mobile_platform_firmwareqca6574snapdragon_xr2_5g_platformwcn6740_firmwaresa8255p_firmwaresa6155sxr1230p_firmwaresd855_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)sg8275psnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"fastconnect_7800_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)qru1052_firmwaresd675snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwaresa7775psnapdragon_8c_compute_platform_\(sc8180xp-ad\)sxr2230psa8620p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_850_mobile_compute_platform_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)sa8770psrv1m_firmwarewcd9375qca6574_firmwaresnapdragon_x24_lte_modem_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqcs4490sa8620psnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)sa6145p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqca6430qca6595_firmwareqam8775p_firmwareqca6391_firmwareqdu1000_firmwaresd_8cx_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmwaresnapdragon_x65_5g_modem-rf_systemwcn6740qca8081snapdragon_8_gen_3_mobile_platformqca6688aq_firmwaresd888_firmwaresnapdragon_850_mobile_compute_platformsa6155_firmwaresa7775p_firmwaresnapdragon_x75_5g_modem-rf_systemsa8775pwsa8815_firmwaresa9000p_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcd9390_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)fastconnect_6900qam8255pvideo_collaboration_vc3_platformqcn6274_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)qca6431fastconnect_6200_firmwarewsa8835sd_8cxsd865_5gfastconnect_6800_firmwarewcd9375_firmwarerobotics_rb3_platformqca6564auqam8620pqca6595auqcc710snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresa6155p_firmwaressg2125pqamsrv1mwcn3950sxr2130_firmwaresrv1h_firmwarefastconnect_7800qfw7124sd_675sa6145psnapdragon_ar2_gen_1_platform_firmwareqcm5430qfw7114_firmwaretalynplusqru1032_firmwaresnapdragon_670_mobile_platformsnapdragon_x50_5g_modem-rf_system_firmwareqcs9100_firmwaresa8530p_firmwaresm4635snapdragon_8_gen_3_mobile_platform_firmwareqca6174a_firmwareqca6564a_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmwareqca6174aqca6335qru1032qca8337snapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)wcn3990_firmwaretalynplus_firmwareqam8620p_firmwarewsa8830wcn3990wsa8830_firmwareqca6574auqca6430_firmwaresa8155p_firmwareqcs5430_firmwaresa8770p_firmwaresnapdragon_678_mobile_platform_\(sm6150-ac\)_firmwareqcm6490qca6420snapdragon_xr2_5g_platform_firmwaresd865_5g_firmwareqca6436_firmwareqca6595sxr2130sa8255pSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2022-28184
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.29% / 20.54%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpugpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-284
Improper Access Control
CVE-2022-27838
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.7||HIGH
EPSS-0.23% / 13.25%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycameraFactoryCamera
CWE ID-CWE-284
Improper Access Control
CVE-2024-49600
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.40%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 14:56
Updated-04 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2024-49842
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.21%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Hypervisor

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresdm429w_firmwareqcm8550_firmwarerobotics_rb3sd865_5gqca6595sm8735wcd9370qca8081_firmwaresnapdragon_670_mobileqca6696qam8620p_firmwarewcn7880_firmwarewcd9340_firmwarewcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwarewcn7750qcc710_firmwareqca6426fastconnect_6700snapdragon_x50_5g_modem-rf_firmwarewsa8832_firmwaresnapdragon_wear_4100\+_firmwareqca8337qdu1110qca6426_firmwarewcd9395sc8180xp-aaabqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pwcd9341qca6574auwcd9390snapdragon_888\+_5g_mobile_firmwaresa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresc8180xp-acafsrv1hsnapdragon_850_mobile_computewcn3660b_firmwareqcs9100sdx80mfastconnect_6800_firmwareqcs5430wcn7860qcm5430qcm5430_firmwaresa8770psnapdragon_678_mobile_firmwaressg2115pqcc710snapdragon_x32_5g_modem-rf_firmwaresnapdragon_xr2_5g_firmwaresa8540pqsm8350_firmwaresnapdragon_wear_4100\+fastconnect_6900qru1032_firmwareqep8111sa7255pqfw7114wcd9385_firmwareqca6421qca6310qam8255p_firmwaresa8155_firmwareqca6335snapdragon_x65_5g_modem-rfwsa8845sa6155pqca6421_firmwaresc8180x-adqca6564au_firmwaresnapdragon_429_mobile_firmwarewsa8810qam8650pqdu1000_firmwaresa9000psrv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobileqdu1010wcd9326_firmwaresa6155p_firmwaresnapdragon_845_mobile_firmwarewsa8840snapdragon_ar1_gen_1srv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwareqdu1210_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwaresm8750psnapdragon_x55_5g_modem-rf_firmwaresnapdragon_x62_5g_modem-rf_firmwareqmp1000qca6420wcd9370_firmwareqdu1110_firmwareqdu1000wcn3660bqca6574asnapdragon_x72_5g_modem-rf_firmwaresa7255p_firmwarewcn3620_firmwareqca6174awcd9340qdu1210snapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sa8540p_firmwareqcm8550snapdragon_765_5g_mobile_firmwareqcn9274vision_intelligence_300_firmwaresa8775pqca6574sd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresa8775p_firmwareqamsrv1hsdx57mwsa8845hwcd9326sa8155p_firmwareqca6564asa8155psnapdragon_765g_5g_mobile_firmwarewsa8830sa6145psnapdragon_768g_5g_mobile_firmwaresa8255p_firmwarear8035qamsrv1m_firmwarewcn7750_firmwaresa8650p_firmwaresa6155wcn3620srv1l_firmwareqcs9100_firmwaresnapdragon_865\+_5g_mobile_firmwareqcn6224snapdragon_429_mobileqca6698aqwcn3950_firmwaresa7775p_firmwaressg2125p_firmwarefastconnect_6200sd670wcn3680bsc8180x-acaf_firmwarewcd9378qdx1011sa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobileqcs6490sc8180xp-acaf_firmwarefastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwarewsa8845_firmwarewsa8832wcd9378_firmwaresdx57m_firmwaresrv1lsxr2130_firmwaresrv1mqca6678aqsnapdragon_860_mobile_firmwaresnapdragon_x35_5g_modem-rfar8035_firmwaresc8180xp-aaab_firmwarewcn7860_firmwaresc8380xpsnapdragon_x62_5g_modem-rfqca6564ausc8180xp-adsc8280xp-abbbwsa8815_firmwareqca8337_firmwareqca9377_firmwareqcm6490_firmwaresm7250p_firmwareqru1032vision_intelligence_400_firmwarewcn3950snapdragon_870_5g_mobile_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresnapdragon_678_mobilesm7250psc8180x-acafsa8155sd_8cx_firmwaresc8180x-ad_firmwareqca6584auqcn6274_firmwareqru1062_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareqru1062qca6310_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwareqmp1000_firmwaresnapdragon_xr2_5gwcn7880sa8150psxr2330psnapdragon_x24_lte_modemsc8180x-aaabsxr1230psc8180x-aaab_firmwarewcn7881video_collaboration_vc3_platformaqt1000qca6688aqqam8295p_firmwaresd855qca6431_firmwarewcn3990_firmwareqca6698aq_firmwareqca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqsm8350snapdragon_8_gen_1_mobilesa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_865\+_5g_mobileqep8111_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobileqdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresm8750_firmwaresdx55_firmwaressg2125pqru1052sxr2130snapdragon_x65_5g_modem-rf_firmwareqamsrv1mqca6174a_firmwarewcn7861_firmwarewcn7861snapdragon_x50_5g_modem-rfqam8650p_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wqam8620psd855_firmwarewcn3980_firmwareqca6436qca6584au_firmwareqcn6274snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqfw7124qca6595au_firmwareqdu1010_firmwareqcs8300_firmwareqca6696_firmwareqcs8300wcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqam8775pqca9377snapdragon_ar2_gen_1_firmwareqca6797aqsnapdragon_x75_5g_modem-rfsa8620pqca6574a_firmwaresdx55snapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675sd_8_gen1_5g_firmwarewcd9375_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwareqcn9274_firmwareqcs5430_firmwaresnapdragon_x32_5g_modem-rfqru1052_firmwaresa8770p_firmwaresa8295pqcs8550sm8735_firmwaresc8280xp-abbb_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwarewcd9375qca6688aq_firmwarevision_intelligence_300snapdragon_ar2_gen_1snapdragon_765g_5g_mobileqamsrv1h_firmwaresd_675wsa8835_firmwaresdx80m_firmwaresd_8cxssg2115p_firmwarevision_intelligence_400wcn3980qdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2022-26091
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.10% / 1.12%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2019-1601
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.39% / 31.19%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 18:00
Updated-20 Nov, 2024 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_9000nexus_9500mds_9000nexus_5500nexus_5600nx-osnexus_3000nexus_6000nexus_3600nexus_7000nexus_2000nexus_7700MDS 9000 Series Multilayer SwitchesNexus 3600 Platform SwitchesNexus 3500 Platform SwitchesNexus 7000 and 7700 Series SwitchesNexus 9000 Series Switches-StandaloneNexus 2000, 5500, 5600, and 6000 Series SwitchesNexus 3000 Series SwitchesNexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-43590
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.28%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017visual_studio_2022Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.11Visual C++ Redistributable InstallerMicrosoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CWE ID-CWE-284
Improper Access Control
CVE-2024-43503
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.64% / 46.19%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft SharePoint Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-284
Improper Access Control
CVE-2024-43530
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 38.72%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_23h2windows_server_2022windows_11_22h2windows_10_22h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 22H3
CWE ID-CWE-284
Improper Access Control
CVE-2022-27836
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.14% / 3.91%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-43492
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.48% / 37.87%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-284
Improper Access Control
CVE-2022-23508
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.32% / 23.62%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 12:56
Updated-10 Mar, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitOps Run allows for Kubernetes workload injection

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. There are no known workarounds for this issue, please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. ### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works)

Action-Not Available
Vendor-weaveweaveworks
Product-weave_gitopsweave-gitops
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-41309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.21% / 10.90%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 00:00
Updated-08 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

Action-Not Available
Vendor-enjayworldn/aenjay
Product-enjay_crmn/acrm
CWE ID-CWE-284
Improper Access Control
CVE-2024-38195
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.96%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure CycleCloud Remote Code Execution Vulnerability

Azure CycleCloud Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cyclecloudAzure CycleCloud 8.4.0Azure CycleCloud 8.4.1Azure CycleCloud 8.6.0Azure CycleCloud 8.0.2Azure CycleCloud 8.1.0Azure CycleCloud 8.2.2Azure CycleCloud 8.2.1Azure CycleCloud 8.0.0Azure CycleCloud 8.4.2Azure CycleCloud 8.2.0Azure CycleCloud 8.5.0Azure CycleCloudAzure CycleCloud 8.1.1Azure CycleCloud 8.0.1Azure CycleCloud 8.3.0
CWE ID-CWE-284
Improper Access Control
CVE-2024-38163
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.65% / 46.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 23:23
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_server_2022windows_10_22h2Windows 11 version 21H2Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-36488
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 5.85%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-driver_\&_support_assistantIntel(R) DSAdsa_software
CWE ID-CWE-284
Improper Access Control
CVE-2024-37289
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.63% / 45.74%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:22
Updated-16 Jun, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex OneTrend Micro Apex One as a Serviceapex_one
CWE ID-CWE-284
Improper Access Control
CVE-2024-37355
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.5||HIGH
EPSS-0.20% / 9.86%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:18
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics software
CWE ID-CWE-284
Improper Access Control
CVE-2025-59199
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.92% / 89.08%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Software Protection Platform (SPP) Elevation of Privilege Vulnerability

Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2019-12670
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.31% / 23.18%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-35177
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.69%
||
7 Day CHG+0.01%
Published-03 Feb, 2025 | 21:35
Updated-16 Sep, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in wazuh-agent

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuh
CWE ID-CWE-284
Improper Access Control
CVE-2024-34543
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 3.13%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 16:38
Updated-23 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_consoleIntel(R) RAID Web Console softwareraid_web_console
CWE ID-CWE-284
Improper Access Control
CVE-2022-21825
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.79%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-workspaceCitrix Workspace App for Linux
CWE ID-CWE-284
Improper Access Control
CVE-2024-33673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.15%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 00:00
Updated-30 Jun, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-backup_execn/abackup_exec
CWE ID-CWE-284
Improper Access Control
CVE-2024-33027
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.10% / 0.91%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-20 Nov, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwaresa8145p_firmwareqcs610315_5g_iot_modem_firmwaresnapdragon_x24_lte_modem_firmwareqca8337csra6620snapdragon_212_mobile_platformsnapdragon_860_mobile_platform_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresa6155video_collaboration_vc3_platformqca6335sd730_firmwarewcd9370csra6620_firmwarecsra6640_firmwareqca6564qcs6125_firmwarewcn3990_firmwareqca9377wcn3950wcd9326_firmwarefastconnect_6200wcn3660bsnapdragon_660_mobile_platform_firmwaresa8155snapdragon_429_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresdx55_firmwarewcn3680b_firmwaresnapdragon_212_mobile_platform_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3610_firmwareqca6420snapdragon_429_mobile_platformqca6564au_firmwaresa6155p_firmwareqca6310snapdragon_855\+_firmwaresmart_audio_400_platform_firmwareqcs6125sa8155_firmwarerobotics_rb3_platform_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwareqca6430315_5g_iot_modemqcn9074robotics_rb3_platformsa6145p_firmwaresm6250c-v2x_9150snapdragon_678_mobile_platform_firmwaresnapdragon_720g_mobile_platformsa8195psnapdragon_855\+sxr1120wcd9340wsa8810_firmwarevision_intelligence_400_platformwcd9326wcd9335sa6155pqca6174a_firmwarewcd9341qca6696_firmwarewcd9375snapdragon_855_mobile_platform_firmwareaqt1000sa8150psnapdragon_210_processor_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresd855_firmwaresd660wcn3620_firmwarewcn3988wsa8815_firmwaresd660_firmwarewcn3620sa8195p_firmwaresxr1120_firmwaresnapdragon_730_mobile_platform_firmwarewcn3610qcm6125_firmwaresnapdragon_675_mobile_platform_firmwaresnapdragon_845_mobile_platformqca8337_firmwarewcd9380_firmwarewcn3990sdm429wqca6595qca6564ausnapdragon_670_mobile_platform_firmwaresd670_firmwareqca6574sdm429w_firmwarewcd9380snapdragon_678_mobile_platformqcs410snapdragon_210_processorqca6574asmart_audio_400_platformqca6174avideo_collaboration_vc3_platform_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980snapdragon_732g_mobile_platform_firmwareqca6335_firmwareqca6574_firmwarewcd9340_firmwaresd855wsa8815205_mobile_platform_firmwarewcn3660b_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_670_mobile_platformsnapdragon_730g_mobile_platformvision_intelligence_300_platformsnapdragon_x55_5g_modem-rf_system_firmwaresd730qca6391wcn3980_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresnapdragon_710_mobile_platformaqt1000_firmwaresnapdragon_845_mobile_platform_firmware215_mobile_platformar8031_firmwaresnapdragon_xr1_platformsnapdragon_660_mobile_platformvideo_collaboration_vc1_platform_firmwareqca6574ausa8155p_firmwaresd670wcd9341_firmwareqcm6125wsa8810snapdragon_x24_lte_modemsnapdragon_730g_mobile_platform_firmwareqcs610_firmwaresa6145psnapdragon_730_mobile_platformwcn3680bqca6564_firmwaresnapdragon_675_mobile_platformar8031qca6595_firmwaresa8145pqca6696205_mobile_platform215_mobile_platform_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_732g_mobile_platformwcd9370_firmwaresa6150psdx55snapdragon_x50_5g_modem-rf_systemsa8155pcsra6640video_collaboration_vc1_platformsnapdragon_860_mobile_platformqcn9074_firmwareqcs410_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_855_mobile_platformsnapdragon_xr1_platform_firmwareSnapdragonqca9377_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmware315_5g_iot_modem_firmwaresnapdragon_x24_lte_modem_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwaresdm429w_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_xr1_platform_firmwaresd730_firmwarecsra6620_firmwarecsra6640_firmwareqcs6125_firmwarewcn3990_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6335_firmwarewcd9326_firmwareqca6574_firmwarewcd9340_firmwaresnapdragon_660_mobile_platform_firmwarewcn3660b_firmwaresnapdragon_429_mobile_platform_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwaresnapdragon_212_mobile_platform_firmwarewcd9375_firmwaresa6155_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3610_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_845_mobile_platform_firmwaresmart_audio_400_platform_firmwarear8031_firmwaresa8155_firmwarerobotics_rb3_platform_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwarewsa8810_firmwarewcd9341_firmwareqcs610_firmwarequalcomm_215_mobile_platform_firmwareqca6174a_firmwarequalcomm_205_mobile_platform_firmwareqca6564_firmwareqca6696_firmwareqca6595_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresnapdragon_210_processor_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresd855_firmwarewcn3620_firmwarewsa8815_firmwaresd660_firmwaresa8195p_firmwareqcn9074_firmwaresxr1120_firmwareqcs410_firmwaresnapdragon_720g_mobile_platform_firmwareqcm6125_firmwaresnapdragon_675_mobile_platform_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2022-2225
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-8.1||HIGH
EPSS-0.19% / 8.45%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 11:35
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zero Trust Secure Web Gateway policies bypass using WARP client subcommands

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warpWARP
CWE ID-CWE-284
Improper Access Control
CVE-2024-31320
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-0.26% / 17.18%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2022-20762
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.58%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 18:13
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ultra_cloud_core_-_subscriber_microservices_infrastructureCisco Ultra Cloud Core - Subscriber Microservices Infrastructure
CWE ID-CWE-284
Improper Access Control
CVE-2022-20716
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.13%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:15
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Solution Improper Access Control Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vedge_routersd-wansd-wan_solutionsd-wan_vedge_cloudsd-wan_vbond_orchestratorsd-wan_vsmart_controller_softwarecatalyst_sd-wan_managerCisco SD-WAN Solution
CWE ID-CWE-284
Improper Access Control
CVE-2024-28115
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.24% / 14.96%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 20:54
Updated-01 Oct, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

Action-Not Available
Vendor-amazonFreeRTOSfreertos
Product-freertosFreeRTOS-Kernelfreertos-kernel
CWE ID-CWE-284
Improper Access Control
CVE-2022-20732
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 10.14%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 18:55
Updated-06 Nov, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-virtualized_infrastructure_managerCisco Virtualized Infrastructure Manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-49692
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 23.70%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_connected_machine_agentAzure Connected Machine Agent
CWE ID-CWE-284
Improper Access Control
CVE-2025-47993
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 25.02%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PC Manager Elevation of Privilege Vulnerability

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_24h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-47962
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.42% / 69.64%
||
7 Day CHG+0.03%
Published-10 Jun, 2025 | 17:02
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SDK Elevation of Privilege Vulnerability

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_software_development_kitWindows SDK
CWE ID-CWE-284
Improper Access Control
CVE-2024-27264
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.14% / 3.47%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 19:21
Updated-30 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Performance Tools for i privilege escalation

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2024-26022
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.53%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-aptio_v_uefi_firmware_integrator_toolsIntel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUCuefi_integrator_tools_on_aptio_v_for_intel_nuc_lnxuefi_integrator_tools_on_aptio_v_for_intel_nuc_win
CWE ID-CWE-284
Improper Access Control
CVE-2024-24986
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.16% / 5.53%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_800_series_controllers_driverIntel(R) Ethernet Network Controllers and Adaptersethernet_complete_driver_pack
CWE ID-CWE-284
Improper Access Control
CVE-2019-10167
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.43%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 12:05
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Action-Not Available
Vendor-libvirtRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_desktoplibvirtlibvirt
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-23360
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 0.61%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-09 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Windows

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830fastconnect_6900wsa8845wcd9380sc8380xp_firmwarewsa8835fastconnect_7800wcd9385_firmwarefastconnect_6900_firmwaresc8280xp-abbb_firmwarewcd9385fastconnect_6700fastconnect_6700_firmwaresnapdragon_7c\+_gen_3_computesc8280xp-abbbwsa8830_firmwarewsa8845h_firmwarewsa8840fastconnect_7800_firmwarewsa8845_firmwarewcd9380_firmwaresc8380xpwsa8835_firmwarewsa8840_firmwarewsa8845hsnapdragon_7c\+_gen_3_compute_firmwareSnapdragonsnapdragon_7c\+_gen_3_compute_firmwarefastconnect_7800_firmwarewsa8835_firmwarewsa8845_firmwarewsa8845h_firmwaresc8380xp_firmwarewsa8830_firmwarefastconnect_6900_firmwarewcd9385_firmwarefastconnect_6700_firmwarewsa8840_firmwarewcd9380_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2019-10161
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.10%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 22:14
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Action-Not Available
Vendor-LibvirtCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxvirtualizationenterprise_linuxvirtualization_hostlibvirtlibvirt
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-10168
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.55% / 41.92%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 12:08
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Action-Not Available
Vendor-libvirtRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_desktoplibvirtlibvirt
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-23351
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.14% / 3.40%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 14:32
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresw5100pwsa8845_firmwarewsa8832snapdragon_480_5g_mobileqca6595srv1mqca6678aqwcd9370qca6696wcd9395_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700qcs6125_firmwaresnapdragon_685_4g_mobilewsa8815_firmwarewsa8832_firmwaresa8195p_firmwarewcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwareqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwareqcs6125flight_rb5_5gsa9000p_firmwaresrv1hqca6797aq_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcm6125_firmwaressg2115psw5100_firmwaresnapdragon_8_gen_3_mobile_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformsa7255pwcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarerobotics_rb5_firmwarewcd9380qam8255psxr2230pqcs4490snapdragon_680_4g_mobilewsa8845sa6155pqcm6125sxr1230pwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psrv1h_firmwaresw5100video_collaboration_vc3_platformqca6595ausnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesg8275pwcd9370_firmwareflight_rb5_5g_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobileqcm4490sa8195pqcs8250_firmwaresnapdragon_480\+_5g_mobile_firmwareqamsrv1mrobotics_rb5talynplusqcm6490qam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwarewcn3980_firmwareqrb5165n_firmwareqca6574sa8775pwsa8835qca6595au_firmwareqca6391_firmwaresxr2230p_firmwarewsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwarewcd9380_firmwareqca6574_firmwaresa8155p_firmwarewsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550pqcm4325_firmwaresa8620psa8255p_firmwareqca6574a_firmwaresnapdragon_4_gen_1_mobileqamsrv1m_firmwaresnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqca6391qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwareqrb5165nsa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8650pqam8775p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375snapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490qcs8250snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqcm4490_firmwareqcm5430_firmwareqcs6125_firmwareqcs7230_firmwareqam8650p_firmwareqcm6125_firmwarerobotics_rb5_platform_firmwareqcm8550_firmwarefastconnect_6900_firmwareqca6698aq_firmwareqca6391_firmwareqcs8550_firmwareqrb5165n_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqam8255p_firmwarefastconnect_6700_firmwareqca6797aq_firmwareqcs5430_firmwareqam8295p_firmwareflight_rb5_5g_platform_firmwareqam8775p_firmwareqamsrv1h_firmwarefastconnect_7800_firmwareqcm4325_firmwareqcs6490_firmwareqca6595_firmwareqca6574a_firmwaresa6155p_firmwareqcm6490_firmwareqca6678aq_firmwareqca6574_firmwareqca6574au_firmwareqcs8250_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcs4490_firmwarefastconnect_6200_firmwareqca6595au_firmwareqca6696_firmwareqamsrv1m_firmwarequalcomm_video_collaboration_vc1_platform_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2019-10166
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.23%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 12:02
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

Action-Not Available
Vendor-libvirtRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_desktoplibvirtlibvirt
CWE ID-CWE-284
Improper Access Control
CVE-2025-43270
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 10.40%
||
7 Day CHG+0.01%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may gain unauthorized access to Local Network.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2024-21418
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 49.58%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft CorporationThe Linux Foundation
Product-software_for_open_networking_in_the_cloudSoftware for Open Networking in the Cloud (SONiC)
CWE ID-CWE-284
Improper Access Control
CVE-2019-10127
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.32% / 23.29%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 18:52
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupMicrosoft Corporation
Product-windowspostgresqlpostgresql
CWE ID-CWE-284
Improper Access Control
CVE-2024-21436
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2019-1010316
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-7.8||HIGH
EPSS-0.31% / 22.59%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:25
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4.

Action-Not Available
Vendor-pyxtrlock_projectpyxtrlock
Product-pyxtrlockpyxtrlock
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found