Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-25749

Summary
Assigner-kubernetes
Assigner Org ID-a6081bf6-c852-4425-ad4f-a67919267565
Published At-24 May, 2023 | 00:00
Updated At-16 Jan, 2025 | 21:21
Rejected At-
Credits

runAsNonRoot logic bypass for Windows containers

Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:kubernetes
Assigner Org ID:a6081bf6-c852-4425-ad4f-a67919267565
Published At:24 May, 2023 | 00:00
Updated At:16 Jan, 2025 | 21:21
Rejected At:
▼CVE Numbering Authority (CNA)
runAsNonRoot logic bypass for Windows containers

Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

Affected Products
Vendor
KubernetesKubernetes
Product
Kubernetes
Versions
Affected
  • From kubelet v1.22.0 - v1.22.13 before v1.22.14 (custom)
  • From kubelet v1.23.0 - v1.23.10 before v1.23.11 (custom)
  • From kubelet v1.24.0 - v1.24.4 before v1.24.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

To mitigate these vulnerabilities, upgrade Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster

Configurations
Workarounds
Exploits
Credits
Mark Rosetti (@marosset) of Microsoft
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA
N/A
Hyperlink: https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA
x_transferred
Hyperlink: https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jordan@liggitt.net
Published At:24 May, 2023 | 17:15
Updated At:01 Jun, 2023 | 13:14

Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.20.0(inclusive) to 1.21.0(inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.22.0(inclusive) to 1.22.14(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.23.0(inclusive) to 1.23.11(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.24.0(inclusive) to 1.24.5(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondaryjordan@liggitt.net
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: jordan@liggitt.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzAjordan@liggitt.net
Mailing List
Hyperlink: https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA
Source: jordan@liggitt.net
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

193Records found
CVE-2023-1944
Matching Score-8
Assigner-Kubernetes
ShareView Details
Matching Score-8
Assigner-Kubernetes
CVSS Score-8.4||HIGH
EPSS-0.03% / 5.41%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-16 Jan, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[minikube] ssh server with default password

This vulnerability enables ssh access to minikube container using a default password.

Action-Not Available
Vendor-Kubernetes
Product-minikubeminikube
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-4318
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 19:23
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cri-o: /etc/passwd tampering privesc

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.Kubernetes
Product-cri-oopenshift_container_platform_ibm_z_systemsextra_packages_for_enterprise_linuxenterprise_linuxfedoraopenshift_container_platform_for_arm64openshift_container_platform_for_poweropenshift_container_platform_for_linuxoneRed Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.11Red Hat OpenShift Container Platform 4.12
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CVE-2016-1905
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.13% / 33.63%
||
7 Day CHG~0.00%
Published-03 Feb, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.

Action-Not Available
Vendor-n/aKubernetes
Product-kubernetesn/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-2995
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 19:53
Updated-29 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Action-Not Available
Vendor-n/aKubernetes
Product-cri-ocri-o
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-2112
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-3.6||LOW
EPSS-0.04% / 8.63%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:05
Updated-28 Aug, 2024 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop component allows lateral movement between sessions

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Desktop
CWE ID-CWE-284
Improper Access Control
CVE-2023-20927
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.13%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-284
Improper Access Control
CVE-2024-27264
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 19:21
Updated-30 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Performance Tools for i privilege escalation

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2023-20065
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.45%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_920-10sz-pdcatalyst_3850asr_907catalyst_9500hcatalyst_3850-16xs-scatalyst_3850-48pw-sasr_1000-esp200-xcatalyst_9300l-24t-4x-acatalyst_9300-48un-e4331_integrated_services_routercg522-easr_90064461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-aasr_901s-3sg-f-dasr_1000-esp100-xcatalyst_9300l-48t-4x-aasr_920-12sz-imcatalyst_8300catalyst_8500-4qccatalyst_3850-48u-lcatalyst_9800-80_wireless_controlleress-3300-ncp-acatalyst_8300-1n1s-6t8101-32fhcatalyst_9300l-24t-4g-easr_920-12cz-a_rcatalyst_3850-48xscatalyst_9800-clcatalyst_9300-48p-e1131_integrated_services_routercatalyst_9300-48t-ecatalyst_9600xcatalyst_3850-24xu-eess-3300-24t-con-e9800-40catalyst_9600catalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_8510msrcatalyst_9200lcatalyst_3850-24xucatalyst_9300-48uxm-e1109_integrated_services_routercatalyst_9400catalyst_3850-48t-l1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_9600_supervisor_engine-1ess-3300-24t-con-acatalyst_9800-40catalyst_9300l-48p-4x-acatalyst_9800catalyst_9300-48u-aasr_902u1100-4p_integrated_services_routerasr_903asr_9920asr_9906catalyst_ie3200_rugged_switchcatalyst_3850-48t-ecg418-e1101_integrated_services_routerasr_920-24tz-m_r8101-32hasr_920-24sz-m_ress-3300-24t-ncp-acatalyst_3850-12s-sasr_9010asr_920-4sz-d_rcatalyst_3850-24u-sasr_99021100_integrated_services_routerasr_901-4c-ft-dcatalyst_9300l-24t-4x-ecatalyst_9800-40_wireless_controllerasr_1002-hx_rasr_1006-xasr_920-12cz-acatalyst_9300l-24p-4g-aess-3300-24t-ncp-easr_901-12c-ft-dcatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_3850-32xs-scatalyst_9500asr_9001asr_901s-3sg-f-ah4221_integrated_services_routercatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_ie3400_heavy_duty_switchcatalyst_3850-24s-scatalyst_9300-48s-easr_1002-xasr_920-12cz-d_r8800_18-slotcatalyst_9300lcatalyst_ie3400_rugged_switch4451-x_integrated_services_routercatalyst_3850-48p-scatalyst_ie9300catalyst_8510csrasr_1002-hx1109-2p_integrated_services_routercatalyst_9200cxasr_920-10sz-pd_rcatalyst_8200asr_1000-esp100catalyst_9300-48t-acatalyst_3850-12s-ecatalyst_8500asr_920u-12sz-im8831catalyst_3850-24t-easr_900asr_901-6cz-ft-a4321_integrated_services_routercatalyst_3850-24xs-scatalyst_8300-1n1s-4t2x8804catalyst_ie3300_rugged_switchasr_1000catalyst_3850-48p-lcatalyst_8300-2n2s-4t2xasr_920-12sz-im_r88081100-8p_integrated_services_routercatalyst_9410rcatalyst_3850-nm-8-10gasr_901-12c-f-dcatalyst_3850-12xs-easr_901s-2sg-f-ahcatalyst_8540csrcatalyst_3850-32xs-e1100-6g_integrated_services_routercatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-easr_9148202catalyst_3850-24p-scatalyst_3850-24u9800-lcatalyst_9300l_stackasr_920-12cz-dcatalyst_9300l-24p-4g-easr_920-4sz-d111x_integrated_services_routercatalyst_9800-l8201-32fhasr_1013catalyst_8540msrasr_920-24sz-imcatalyst_3850-nm-2-40gcbr-8catalyst_9300lmcatalyst_9300-24t-easr_9000vcatalyst_3850-48t-scatalyst_9407rcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9800_embedded_wireless_controllercatalyst_9200catalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_9300l-48t-4g-aasr_920-24sz-mintegrated_services_virtual_routerasr_920-4sz-acatalyst_ie3200catalyst_3850-48p-ecatalyst_9800-80catalyst_8300-2n2s-6tasr_920-4sz-a_rcatalyst_9300l-48p-4x-eess-3300-con-aasr_901-6cz-ft-dasr_901-6cz-f-dess-3300-ncp-easr_9000catalyst_8500lcatalyst_9300-24s-ecatalyst_9300-48u-e1101-4p_integrated_services_routercatalyst_9300-48s-acatalyst_3850-24p-easr_1006catalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300asr_920-24sz-im_rcatalyst_3850-24xu-s4451_integrated_services_routerasr_9901catalyst_3850-24xs-ecatalyst_9400_supervisor_engine-1ess-3300-con-ecatalyst_ie3400catalyst_3850-24u-lcatalyst_9300l-24t-4g-a9800-clcatalyst_3850-48f-sasr_901-4c-f-d8800_8-slotasr_1001-hx_rcatalyst_9800-l-ccatalyst_3850-48f-e4000_integrated_services_router1000_integrated_services_routercatalyst_9300-48uxm-aasr_102388128818catalyst_9300-24p-aasr_1001esr6300catalyst_3850-48xs-easr_9904catalyst_9300-24u-acatalyst_3850-48uasr_1001-hxcatalyst_ie33008102-64hasr_1009-x8201catalyst_9300-24u-easr_901-6cz-f-acatalyst_3850-12x48ucatalyst_9300xcatalyst_9300-48un-aasr_1001-x_rasr_901-6cz-fs-dcatalyst_9300-24p-easr_1002-x_rasr_901s-4sg-f-dcatalyst_3850-48xs-f-easr_1002catalyst_9800-l-fasr_902asr_1004catalyst_9300l-48t-4x-ecatalyst_3850-24p-l1120_integrated_services_routercatalyst_3850-24xsasr_99038800_4-slotess9300-10x-e4431_integrated_services_router9800-80asr_901-6cz-fs-acatalyst_3850-24u-ecatalyst_3850-48xs-sios_xe1111x-8p_integrated_services_routerasr_9910asr_9912asr_99221109-4p_integrated_services_router8800_12-slotasr_1001-xasr_901s-2sg-f-dcatalyst_9300-24ux-e4351_integrated_services_routerasr_920-24tz-mCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CVE-2023-1489
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.65%
||
7 Day CHG~0.00%
Published-18 Mar, 2023 | 21:31
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lespeed WiseCleaner Wise System Monitor IoControlCode WiseHDInfo64.dll 0x9C402088 access control

A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375.

Action-Not Available
Vendor-wisecleanerLespeed
Product-wise_system_monitorWiseCleaner Wise System Monitor
CWE ID-CWE-284
Improper Access Control
CVE-2024-28115
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 20:54
Updated-01 Oct, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

Action-Not Available
Vendor-amazonFreeRTOSfreertos
Product-freertosFreeRTOS-Kernelfreertos-kernel
CWE ID-CWE-284
Improper Access Control
CVE-2023-20224
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.34%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 21:43
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this vulnerability by authenticating to an affected device and using crafted commands at the prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. The attacker must have valid credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-thousandeyes_enterprise_agentCisco ThousandEyes Recorder Application
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2016-10408
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.23%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core.

QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-9206_lte_modemsd820_firmwareapq8037_firmwaresd626_firmware9206_lte_modem_firmwaresd626apq8037sd820sd821sd821_firmwareSnapdragonsd626_firmware9206_lte_modem_firmwaresd820_firmwareapq8037_firmwaresd821_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-26022
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.23%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-aptio_v_uefi_firmware_integrator_toolsIntel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUCuefi_integrator_tools_on_aptio_v_for_intel_nuc_lnxuefi_integrator_tools_on_aptio_v_for_intel_nuc_win
CWE ID-CWE-284
Improper Access Control
CVE-2023-1007
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 48.01%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 10:23
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Twister Antivirus IoControlCode filmfd.sys 0x801120E4 access control

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.

Action-Not Available
Vendor-filseclabTwister
Product-twister_antivirusAntivirus
CWE ID-CWE-284
Improper Access Control
CVE-2024-23351
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.08% / 25.13%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 14:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresw5100pwsa8845_firmwarewsa8832snapdragon_480_5g_mobileqca6595srv1mqca6678aqwcd9370qca6696wcd9395_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700qcs6125_firmwaresnapdragon_685_4g_mobilewsa8815_firmwarewsa8832_firmwaresa8195p_firmwarewcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwareqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwareqcs6125flight_rb5_5gsa9000p_firmwaresrv1hqca6797aq_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcm6125_firmwaressg2115psw5100_firmwaresnapdragon_8_gen_3_mobile_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformsa7255pwcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarerobotics_rb5_firmwarewcd9380qam8255psxr2230pqcs4490snapdragon_680_4g_mobilewsa8845sa6155pqcm6125sxr1230pwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psrv1h_firmwaresw5100video_collaboration_vc3_platformqca6595ausnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesg8275pwcd9370_firmwareflight_rb5_5g_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobileqcm4490sa8195pqcs8250_firmwaresnapdragon_480\+_5g_mobile_firmwareqamsrv1mrobotics_rb5talynplusqcm6490qam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwarewcn3980_firmwareqrb5165n_firmwareqca6574sa8775pwsa8835qca6595au_firmwareqca6391_firmwaresxr2230p_firmwarewsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwarewcd9380_firmwareqca6574_firmwaresa8155p_firmwarewsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550pqcm4325_firmwaresa8620psa8255p_firmwareqca6574a_firmwaresnapdragon_4_gen_1_mobileqamsrv1m_firmwaresnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqca6391qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwareqrb5165nsa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8650pqam8775p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375snapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490qcs8250snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqam8255p_firmwarequalcomm_video_collaboration_vc1_platform_firmwarerobotics_rb5_platform_firmwaresa6155p_firmwareqcm4490_firmwareqcm8550_firmwareqca6678aq_firmwareqcs4490_firmwareqcm6490_firmwarefastconnect_6900_firmwareqcs7230_firmwareqcs8550_firmwareqca6797aq_firmwareflight_rb5_5g_platform_firmwarefastconnect_6700_firmwareqcs8250_firmwarefastconnect_7800_firmwareqca6595au_firmwareqamsrv1m_firmwareqca6698aq_firmwareqcm5430_firmwareqcs6125_firmwareqam8650p_firmwareqam8775p_firmwareqrb5165n_firmwareqca6696_firmwareqca6595_firmwareqcs6490_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqam8295p_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwareqcm6125_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-23360
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.60%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-09 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Windows

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830fastconnect_6900wsa8845wcd9380sc8380xp_firmwarewsa8835fastconnect_7800wcd9385_firmwarefastconnect_6900_firmwaresc8280xp-abbb_firmwarewcd9385fastconnect_6700fastconnect_6700_firmwaresnapdragon_7c\+_gen_3_computesc8280xp-abbbwsa8830_firmwarewsa8845h_firmwarewsa8840fastconnect_7800_firmwarewsa8845_firmwarewcd9380_firmwaresc8380xpwsa8835_firmwarewsa8840_firmwarewsa8845hsnapdragon_7c\+_gen_3_compute_firmwareSnapdragonsnapdragon_7c\+_gen_3_compute_firmwarefastconnect_7800_firmwarewsa8835_firmwarewsa8845_firmwarewsa8845h_firmwaresc8380xp_firmwarewsa8830_firmwarefastconnect_6900_firmwarewcd9385_firmwarefastconnect_6700_firmwarewsa8840_firmwarewcd9380_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-21436
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.96%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-53729
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.10%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure File Sync Elevation of Privilege Vulnerability

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_file_syncAzure File Sync
CWE ID-CWE-284
Improper Access Control
CVE-2024-21103
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2024-21418
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.72%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft CorporationThe Linux Foundation
Product-software_for_open_networking_in_the_cloudSoftware for Open Networking in the Cloud (SONiC)
CWE ID-CWE-284
Improper Access Control
CVE-2025-50777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.26%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.

Action-Not Available
Vendor-aziotn/a
Product-2mp_full_hd_smart_wi-fi_cctv_home_security_camera2mp_full_hd_smart_wi-fi_cctv_home_security_camera_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-0025
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:03
Updated-17 Dec, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-284
Improper Access Control
CVE-2025-47962
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.98%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SDK Elevation of Privilege Vulnerability

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_software_development_kitWindows SDK
CWE ID-CWE-284
Improper Access Control
CVE-2025-47993
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PC Manager Elevation of Privilege Vulnerability

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_24h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2025-47161
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.49% / 80.23%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 19:21
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_endpointMicrosoft Defender for Endpoint for Linux
CWE ID-CWE-284
Improper Access Control
CVE-2023-52711
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 06:19
Updated-17 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-curiem-wfg9b_firmwarecuriem-wfg9bCurieM-WFG9Bcuriem-wfg9b
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-52712
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 06:22
Updated-17 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-curiem-wfg9b_firmwarecuriem-wfg9bCurieM-WFG9B
CWE ID-CWE-284
Improper Access Control
CVE-2020-25238
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.12%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_process_control_system_neototally_integrated_automation_portalPCS neo (Administration Console)TIA Portal
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-32714
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.98%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2022-43702
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 21:47
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete verification of installation file signature

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Action-Not Available
Vendor-Arm Limited
Product-ds_development_studioarm_compilerfast_modelsarm_compiler_for_embedded_fusaarm_development_studioarm_compiler_for_functional_safetyArm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2023-43086
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.81%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:27
Updated-02 Aug, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-43748
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.64%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzers_frameworkIntel(R) GPA Framework software installersgraphics_performance_analyzer
CWE ID-CWE-284
Improper Access Control
CVE-2023-44282
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:16
Updated-29 Aug, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-43072
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 17:47
Updated-19 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareDell SmartFabric Storage Software
CWE ID-CWE-284
Improper Access Control
CVE-2023-44290
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.06%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:46
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-command\|monitorDell Command Monitor (DCM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-44289
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.06%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:41
Updated-05 Jun, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CVE-2021-26360
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_softwareradeon_rx_6800mradeon_rx_6500_xtradeon_pro_w6600mradeon_rx_6300mradeon_rx_6750_xtradeon_rx_6800radeon_pro_w6800radeon_rx_6900_xtradeon_rx_6600sradeon_pro_w6600radeon_rx_6650m_xtradeon_pro_w6900xradeon_pro_w6400radeon_rx_6500mradeon_rx_6800sradeon_rx_6950_xtradeon_rx_6600_xtradeon_rx_6600mradeon_rx_6700mradeon_rx_6700_xtradeon_pro_w6800x_duoradeon_pro_softwareradeon_rx_6700radeon_rx_6850m_xtradeon_rx_6700sradeon_pro_w6800xradeon_rx_6650mradeon_rx_6800_xtenterprise_driverradeon_rx_6400radeon_rx_6600radeon_pro_w6300mradeon_rx_6650_xtradeon_pro_w6600xradeon_pro_w6500mAMD Radeon RX 6000 Series & PRO W6000 Series
CWE ID-CWE-284
Improper Access Control
CVE-2023-39253
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.87%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:20
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-40071
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA software installers
CWE ID-CWE-284
Improper Access Control
CVE-2023-40161
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 19.59%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-23 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-uniteIntel Unite(R) Client software
CWE ID-CWE-284
Improper Access Control
CVE-2021-25349
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:09
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidslow_motion_editorSlow Motion Editor
CWE ID-CWE-284
Improper Access Control
CVE-2021-25440
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:48
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycamerafbFactoryCameraFB
CWE ID-CWE-284
Improper Access Control
CVE-2021-25438
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.90%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:47
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-284
Improper Access Control
CVE-2025-27744
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-09 Jul, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office 2016
CWE ID-CWE-284
Improper Access Control
CVE-2025-27062
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.15%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:26
Updated-06 Aug, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Automotive Multimedia

Memory corruption while handling client exceptions, allowing unauthorized channel access.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2025-27689
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.81%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 20:36
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-iDRAC Tools
CWE ID-CWE-284
Improper Access Control
CVE-2025-24917
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.01%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 15:59
Updated-28 May, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control leads to Local Privilege Escalation

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.

Action-Not Available
Vendor-Tenable, Inc.
Product-Network Monitor
CWE ID-CWE-284
Improper Access Control
CVE-2023-36790
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.06%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2025-23365
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-21 Aug, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-tia_administratorTIA Administrator
CWE ID-CWE-284
Improper Access Control
CVE-2021-22907
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.15%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 11:14
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-workspaceCitrix Workspace App for Windows
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found