Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-26360

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-09 Nov, 2022 | 20:44
Updated At-01 May, 2025 | 14:12
Rejected At-
Credits

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:09 Nov, 2022 | 20:44
Updated At:01 May, 2025 | 14:12
Rejected At:
▼CVE Numbering Authority (CNA)

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon RX 6000 Series & PRO W6000 Series
Versions
Affected
  • From AMD Radeon Software before 22.5.2 (custom)
  • From AMD Radeon Pro Software Enterprise before 22.Q2 (custom)
  • From Enterprise Driver before 22.10.20 (custom)
Problem Types
TypeCWE IDDescription
textN/ATBD
Type: text
CWE ID: N/A
Description: TBD
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:09 Nov, 2022 | 21:15
Updated At:01 May, 2025 | 15:15

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Advanced Micro Devices, Inc.
amd
>>enterprise_driver>>Versions before 22.10.20(exclusive)
cpe:2.3:a:amd:enterprise_driver:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_software>>Versions before 22.q2(exclusive)
cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_software>>Versions before 22.5.2(exclusive)
cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6300m>>-
cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6400>>-
cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6500m>>-
cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6600>>-
cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6600m>>-
cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6600x>>-
cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6800>>-
cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6800x>>-
cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6800x_duo>>-
cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_pro_w6900x>>-
cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6300m>>-
cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6400>>-
cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6500_xt>>-
cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6500m>>-
cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6600>>-
cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6600_xt>>-
cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6600m>>-
cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6600s>>-
cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6650_xt>>-
cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6650m>>-
cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6650m_xt>>-
cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6700>>-
cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6700_xt>>-
cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6700m>>-
cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6700s>>-
cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6750_xt>>-
cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6800>>-
cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6800_xt>>-
cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6800m>>-
cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6800s>>-
cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6850m_xt>>-
cpe:2.3:h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6900_xt>>-
cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_rx_6950_xt>>-
cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029psirt@amd.com
Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
Source: psirt@amd.com
Resource:
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

253Records found
CVE-2021-26392
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-16 Sep, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xradeon_pro_w5500xamd_3020e_firmwareryzen_5_3580uradeon_rx_vega_64ryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3250cradeon_rx_6600ryzen_3_3100_firmwareamd_3015eryzen_9_3900xradeon_rx_5300ryzen_9_5900x_firmwareryzen_5_pro_3350ge_firmwareradeon_rx_vega_56ryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_5_3600xt_firmwareryzen_3_5300geryzen_3_2300uryzen_5_3600x_firmwareryzen_7_3750h_firmwareradeon_rx_6700sryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xradeon_rx_5700mamd_3020eryzen_threadripper_pro_3975wxathlon_pro_3145bryzen_5_5560uryzen_3_2200g_firmwareradeon_rx_5700ryzen_threadripper_pro_5945wxryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_5_2500u_firmwareradeon_rx_5700_xtryzen_3_3100ryzen_3_pro_3200gryzen_7_3750hradeon_rx_5500mryzen_7_5700u_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_3200gryzen_7_3780uryzen_9_5900hsryzen_3_2200uradeon_rx_6500_xtryzen_3_3250c_firmwareradeon_rx_6950_xtryzen_7_5700gryzen_9_5980hsryzen_5_2400geryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xenterprise_driverradeon_pro_softwareryzen_5_2600hryzen_5_3500uradeon_rx_5600mryzen_5_5500ryzen_7_2700uryzen_3_5400uradeon_softwareathlon_pro_3045bryzen_7_2800hryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hradeon_rx_6700ryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900radeon_rx_6400radeon_rx_6800athlon_silver_3050c_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_3_5300gryzen_9_5900ryzen_5_pro_3350gryzen_5_5600ge_firmwareryzen_9_5980hs_firmwareryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_3400g_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_3_3350u_firmwareradeon_pro_w6800xradeon_rx_5600_xtryzen_threadripper_pro_5955wxryzen_5_5500uryzen_3_5400u_firmwareryzen_5_5600h_firmwareathlon_silver_3050cryzen_7_5800ryzen_3_3300u_firmwareradeon_rx_6600sryzen_7_3800xryzen_5_2400ge_firmwareryzen_5_2400gradeon_rx_6800sryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_3_2200geryzen_5_3500cryzen_3_3300x_firmwareryzen_5_5600hryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_3_5300u_firmwareryzen_3_3300uryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareradeon_rx_6900_xtryzen_5_5600gryzen_5_3600xtryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareradeon_pro_w6400ryzen_5_5600uryzen_threadripper_pro_5975wxathlon_pro_3045b_firmwareryzen_3_2300u_firmwareradeon_rx_5500radeon_pro_w5700ryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareryzen_5_5600geradeon_rx_5300_xtryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_7_2700u_firmwareryzen_5_pro_3400gryzen_7_5700geryzen_5_3450uradeon_rx_6850m_xtryzen_3_2200ge_firmwareradeon_rx_6600_xtradeon_rx_6650_xtryzen_7_3800x_firmwareathlon_pro_3145b_firmwareryzen_7_2800h_firmwareryzen_5_pro_3350geradeon_pro_w6600mryzen_7_5700uradeon_pro_w6600xryzen_threadripper_pro_3945wx_firmwareamd_3015ce_firmwareryzen_9_5900hs_firmwareradeon_pro_w6600ryzen_5_5600u_firmwareryzen_5_3600xryzen_3_3200g_firmwareradeon_rx_6800_xtryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_9_3950x_firmwareradeon_pro_w6900xryzen_threadripper_pro_3995wxradeon_rx_5300mradeon_pro_w6800radeon_rx_6600mradeon_pro_w5700xryzen_7_3700c_firmwareradeon_rx_6750_xtryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_threadripper_pro_3955wxradeon_rx_5500_xtryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_3700uathlon_silver_3050uryzen_3_3350uryzen_5_3500_firmwareryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareradeon_rx_6300mamd_3015ceryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareradeon_rx_6800mryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxradeon_rx_vega_56_firmwareradeon_rx_vega_64_firmwareryzen_7_5800uryzen_9_5900hxradeon_pro_w6800x_duoradeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6700_xtryzen_5_5600g_firmwareathlon_gold_3150cradeon_rx_6700mryzen_3_3250uryzen_5_2400g_firmwareathlon_gold_3150u_firmwareradeon_pro_w5500ryzen_5_pro_3400geryzen_9_3950xradeon_rx_5600ryzen_5_5600ryzen_threadripper_3970xryzen_5_3500ryzen_7_5800hradeon_pro_w6500mryzen_5_3450u_firmwareamd_3015e_firmwareryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_5_pro_3400ge_firmwareryzen_7_5800hs_firmwareryzen_threadripper_pro_5995wx_firmwareradeon_pro_w6300mradeon_rx_6500mryzen_7_5700ge_firmwareryzen_7_5700xAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Ryzen™ Embedded V2000AMD Ryzen™Embedded V3000AMD Ryzen™ Embedded V1000AMD Ryzen™ Embedded 5000AMD Radeon RX 6000 Series & PRO W6000 SeriesAMD Ryzen™ Embedded R2000AMD Ryzen™ Embedded R1000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26391
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_rx_5500mradeon_rx_5700radeon_rx_6800mryzen_5_5600hsradeon_pro_w6600mryzen_5_5600hs_firmwareryzen_7_5700ge_firmwareradeon_rx_vega_56_firmwareradeon_rx_6300mryzen_9_5980hsradeon_rx_6750_xtradeon_pro_w5700xradeon_rx_6800radeon_pro_w6800ryzen_3_5300geryzen_5_5560u_firmwareryzen_5_5600ge_firmwareradeon_pro_w5500xradeon_rx_6600sryzen_5_5600gryzen_7_5800h_firmwareradeon_pro_w6600radeon_rx_6650m_xtradeon_pro_w6900xryzen_9_5900hx_firmwareryzen_7_5700g_firmwareradeon_rx_6800sryzen_3_5300gryzen_7_5800hradeon_rx_6950_xtryzen_9_5980hx_firmwareradeon_rx_6700mradeon_rx_5300ryzen_5_5600u_firmwareradeon_rx_6700_xtradeon_rx_5300mryzen_3_5300uryzen_5_5500uradeon_rx_vega_56ryzen_9_5900hs_firmwareradeon_rx_6800_xtradeon_pro_w6800xryzen_3_5400uryzen_5_5600g_firmwareradeon_rx_6400radeon_rx_5700mradeon_rx_5500_xtryzen_7_5800hs_firmwareradeon_pro_w6300mradeon_rx_6650_xtradeon_softwareradeon_pro_w5500ryzen_7_5700uryzen_9_5900hxradeon_rx_6500_xtradeon_rx_vega_64radeon_rx_5600radeon_rx_5600_xtryzen_5_5560uryzen_3_5400u_firmwareryzen_9_5980hs_firmwareradeon_pro_w5700ryzen_5_5600h_firmwareradeon_rx_6900_xtradeon_rx_5300_xtradeon_rx_5500ryzen_5_5600geradeon_pro_w6400radeon_rx_6500mryzen_3_5300ge_firmwareryzen_7_5800uryzen_3_5300g_firmwareradeon_rx_vega_64_firmwareryzen_7_5700gradeon_rx_6600_xtradeon_rx_6600mryzen_5_5500u_firmwareryzen_9_5980hxradeon_pro_w6800x_duoradeon_pro_softwareradeon_rx_5700_xtryzen_7_5800hsryzen_5_5600uradeon_rx_6700ryzen_7_5700u_firmwareradeon_rx_5600mradeon_rx_6700sradeon_rx_6650mryzen_3_5300u_firmwareenterprise_driverryzen_7_5800u_firmwareradeon_rx_6600ryzen_9_5900hsryzen_5_5600hradeon_rx_6850m_xtradeon_pro_w6600xryzen_7_5700geradeon_pro_w6500mAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Radeon RX 6000 Series & PRO W6000 Series
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-26409
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.52%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-milanpi_firmwaremilanpi3rd Gen EPYC
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-26386
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.26%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 18:28
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_5800x_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_5600gryzen_9_3900xryzen_5_2500uryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_3_2300uryzen_7_5825uryzen_7_5825u_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_threadripper_pro_3975wxryzen_5900xryzen_5_5560uryzen_5300ge_firmwareryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareryzen_5700gryzen_3_3100ryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_5300g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_7_5800h_firmwareryzen_3_3300xryzen_7_3700xryzen_threadripper_pro_5965wx_firmwareryzen_5_5625c_firmwareryzen_5950x_firmwareryzen_5_2600hryzen_5_5625cryzen_7_2700uryzen_3_5400uryzen_5_3450g_firmwareryzen_7_2800hryzen_threadripper_3990x_firmwareryzen_5_2600x_firmwareryzen_5700g_firmwareryzen_5_5600x_firmwareryzen_7_3700x_firmwareryzen_5900x_firmwareryzen_9_5980hs_firmwareryzen_5300gryzen_5700geryzen_threadripper_3990xryzen_5_5600hs_firmwareryzen_5800x3d_firmwareryzen_5_3400g_firmwareryzen_7_2700_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_7_3800xryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_5600x_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_3_5425cryzen_3_5425u_firmwareryzen_3_3300g_firmwareryzen_5_3450gryzen_5600geryzen_5_5600uryzen_threadripper_pro_5975wxryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_5600ge_firmwareryzen_threadripper_2970wxryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_5600g_firmwareryzen_3_5125cryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_5_5700gryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_5800xryzen_9_3950x_firmwareryzen_5700ge_firmwareryzen_threadripper_pro_3995wxryzen_7_2700xryzen_5_5700g_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_3_5425uryzen_5_5700ge_firmwareryzen_threadripper_pro_3955wx_firmwareryzen_5600xryzen_5300geryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5825cryzen_5950xryzen_5_2600h_firmwareryzen_7_5800uryzen_threadripper_pro_5965wxryzen_9_5900hxryzen_5800x3dryzen_9_3950xryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_3_3300gryzen_7_5800hryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareAthlon™ SeriesRyzen™ Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23829
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.2||HIGH
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 19:01
Updated-29 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ 3000 Series Desktop ProcessorsAMD EPYC™ Embedded 70033rd Gen AMD EPYC™ ProcessorsAMD RyzenTM Embedded R1000AMD Ryzen™ 4000 Series Mobile ProcessorsAMD Ryzen™ 5000 Series Desktop Processors2nd Gen AMD EPYC™ ProcessorsAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD RyzenTM Embedded V30001st Gen AMD EPYC™ ProcessorsAMD Ryzen™ 6000 Series Mobile Processors and WorkstationsAMD RyzenTM Embedded R2000AMD Ryzen™ 5000 Series Mobile ProcessorsAMD EPYC™ Embedded 3000AMD RyzenTM Embedded V2000AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-SeriesAMD RyzenTM Embedded 5000AMD RyzenTM Embedded V1000AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ Threadripper™ PRO ProcessorAMD EPYC (TM) Embedded 7002AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsryzen_threadripper_pro_5995wxryzen_6980hx
CWE ID-CWE-284
Improper Access Control
CVE-2023-20587
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.41%
||
7 Day CHG+0.01%
Published-13 Feb, 2024 | 19:31
Updated-07 May, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-4th Gen AMD EPYC™ Processors3rd Gen AMD EPYC™ ProcessorsAMD EPYC(TM) Embedded 7003AMD EPYC(TM) Embedded 90032nd Gen AMD EPYC™ Processors1st Gen AMD EPYC™ ProcessorsAMD EPYC(TM) Embedded 7002 AMD EPYC(TM) Embedded 3000
CWE ID-CWE-284
Improper Access Control
CVE-2023-20579
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 19:32
Updated-14 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_7_5700geryzen_9_6900hs_firmwareryzen_3_5125cryzen_5_5600uryzen_7_pro_7840uryzen_7_5800hsryzen_7_3780uryzen_3_5300g_firmwareryzen_5_3450uryzen_9_5980hs_firmwareryzen_5_7645hx_firmwareryzen_7_7840h_firmwareryzen_3_5400u_firmwareryzen_5_5500gt_firmwareryzen_7_pro_7745ryzen_embedded_v3c14_firmwareryzen_9_7900x3dryzen_embedded_v2546ryzen_5_pro_7645_firmwareryzen_7_4700g_firmwareryzen_embedded_v3c48_firmwareryzen_7_7700x_firmwareryzen_threadripper_pro_7975wxryzen_embedded_v3c44ryzen_7_4700geryzen_9_4900hryzen_threadripper_pro_7945wx_firmwareryzen_5_7235hsryzen_5_5625cryzen_5_5560u_firmwareryzen_9_7950x_firmwareryzen_5_3580u_firmwareryzen_7_6800h_firmwareryzen_5_7535u_firmwareryzen_9_6980hx_firmwareryzen_7_4800h_firmwareryzen_5_pro_7645ryzen_9_6980hs_firmwareryzen_5_4600gryzen_5_7640hryzen_5_7520u_firmwareryzen_7_5800u_firmwareryzen_7_7735hs_firmwareryzen_5_5600hs_firmwareryzen_5_6600h_firmwareryzen_3_7335u_firmwareryzen_threadripper_pro_7985wxryzen_7_5800hs_firmwareryzen_3_3200u_firmwareryzen_threadripper_pro_7985wx_firmwareryzen_7_3700uryzen_5_5600geryzen_7_7800x3d_firmwareryzen_5_7600ryzen_5_4500uryzen_9_7940hxryzen_threadripper_7980x_firmwareryzen_9_7945hxryzen_5_4600geryzen_7_7700ryzen_3_5125c_firmwareryzen_7_7736u_firmwareryzen_3_3300u_firmwareryzen_5_pro_7640hs_firmwareryzen_9_7940hryzen_threadripper_7960x_firmwareryzen_7_5825cryzen_5_pro_7540uryzen_5_3450u_firmwareryzen_3_4300uryzen_3_5400uryzen_7_6800u_firmwareryzen_embedded_v3c16_firmwareryzen_3_3250u_firmwareryzen_5_pro_7540u_firmwareryzen_embedded_v3c44_firmwareryzen_embedded_v3c18ryzen_9_5900hs_firmwareryzen_7_7745hxryzen_5_7535uryzen_9_pro_7940hs_firmwareryzen_embedded_v2718ryzen_7_6800hsryzen_threadripper_pro_7995wxryzen_7_7435hsryzen_9_7900x_firmwareryzen_7_6800hs_firmwareryzen_3_4300g_firmwareryzen_5_3500c_firmwareryzen_7_4700uryzen_5_pro_7545u_firmwareryzen_3_5300geryzen_3_3250cryzen_5_5500gtryzen_7_3780u_firmwareryzen_7_5800h_firmwareryzen_5_7535hs_firmwareryzen_5_5625c_firmwareryzen_3_7440u_firmwareryzen_5_4600hryzen_9_6900hsryzen_7_7735h_firmwareryzen_5_7640h_firmwareryzen_3_3250uryzen_7_7745hx_firmwareryzen_7_7435hryzen_5_4600ge_firmwareryzen_embedded_v3c48ryzen_9_7845hxryzen_7_3700c_firmwareryzen_9_5900hsryzen_3_3350u_firmwareryzen_3_5425u_firmwareryzen_9_6900hx_firmwareryzen_5_pro_7545uryzen_7_5800hryzen_3_5425uryzen_5_7235hryzen_5_7235hs_firmwareryzen_7_5825u_firmwareryzen_5_7535h_firmwareryzen_7_3700cryzen_embedded_v3c16ryzen_5_5625u_firmwareryzen_5_3550hryzen_3_3350uryzen_7_3750hryzen_threadripper_7960xryzen_3_4300geryzen_7_6800uryzen_5_7645hxryzen_3_4300gryzen_5_5600gtryzen_embedded_v2516ryzen_5_7535hsryzen_5_7600x3dryzen_7_3750h_firmwareryzen_9_7945hx3dryzen_9_7940hx_firmwareryzen_5_6600uryzen_7_7840hryzen_5_5600g_firmwareryzen_7_5700gryzen_5_5625uryzen_threadripper_pro_7975wx_firmwareryzen_7_7735hryzen_5_7500fryzen_9_7945hx_firmwareryzen_9_7950xryzen_7_pro_7840hsryzen_7_pro_7840hs_firmwareryzen_5_7520uryzen_5_4600g_firmwareryzen_9_5900hx_firmwareryzen_embedded_v2718_firmwareryzen_7_5700ge_firmwareryzen_7_7735u_firmwareryzen_5_3580uryzen_9_6980hsryzen_threadripper_pro_7965wx_firmwareryzen_embedded_v2516_firmwareryzen_7_7736uryzen_7_4700gryzen_7_5825uryzen_3_5425cryzen_threadripper_pro_7995wx_firmwareryzen_3_3250c_firmwareryzen_threadripper_pro_7955wxryzen_5_5600u_firmwareryzen_5_6600hryzen_embedded_v2748_firmwareryzen_7_3700u_firmwareryzen_5_5600gryzen_embedded_v2546_firmwareryzen_threadripper_pro_7955wx_firmwareryzen_3_7320u_firmwareryzen_9_6980hxryzen_9_7845hx_firmwareryzen_7_4700u_firmwareryzen_9_7950x3dryzen_7_4800uryzen_7_7735hsryzen_9_7900ryzen_5_6600u_firmwareryzen_9_5900hxryzen_7_pro_7745_firmwareryzen_5_7500f_firmwareryzen_9_7900_firmwareryzen_5_3550h_firmwareryzen_5_5600hsryzen_9_5980hsryzen_5_3500cryzen_threadripper_7980xryzen_3_4300u_firmwareryzen_7_5700g_firmwareryzen_7_pro_7840u_firmwareryzen_3_3300uryzen_5_7535hryzen_9_4900h_firmwareryzen_3_7320uryzen_5_4600u_firmwareryzen_threadripper_7970xryzen_5_6600hs_firmwareryzen_5_7600_firmwareryzen_5_4600h_firmwareryzen_7_7735uryzen_9_7940h_firmwareryzen_7_5825c_firmwareryzen_5_5600gt_firmwareryzen_3_5300gryzen_9_7950x3d_firmwareryzen_3_4300ge_firmwareryzen_9_pro_7945ryzen_threadripper_7970x_firmwareryzen_5_pro_7640uryzen_3_7335uryzen_5_5560uryzen_embedded_v2748ryzen_5_4500u_firmwareryzen_5_4600uryzen_5_7600xryzen_5_3500uryzen_threadripper_pro_7945wxryzen_5_5600hryzen_9_7900xryzen_5_pro_7640u_firmwareryzen_7_7700xryzen_5_5600h_firmwareryzen_7_6800hryzen_5_pro_7640hsryzen_9_pro_7940hsryzen_7_7435hs_firmwareryzen_3_3200uryzen_7_4800hryzen_5_7600x3d_firmwareryzen_9_7945hx3d_firmwareryzen_9_6900hxryzen_threadripper_pro_7965wxryzen_5_7600x_firmwareryzen_3_5425c_firmwareryzen_9_pro_7945_firmwareryzen_embedded_v3c18_firmwareryzen_5_5600ge_firmwareryzen_7_4700ge_firmwareryzen_9_5980hxryzen_7_7800x3dryzen_embedded_v3c14ryzen_5_6600hsryzen_5_7235h_firmwareryzen_3_5300ge_firmwareryzen_9_5980hx_firmwareryzen_7_4800u_firmwareryzen_7_7700_firmwareryzen_9_7900x3d_firmwareryzen_7_5800uryzen_5_3500u_firmwareryzen_3_7440uryzen_7_7435h_firmwareAMD Ryzen™ 7045 Series Mobile Processors AMD Ryzen™ 7000 Series Desktop Processor AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics AMD Ryzen™ Embedded V3000AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics AMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ Embedded V2000AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics
CWE ID-CWE-284
Improper Access Control
CVE-2021-26338
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.95%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:53
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7h12_firmwareepyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7313epyc_7663_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™
CWE ID-CWE-284
Improper Access Control
CVE-2021-26334
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.51% / 65.31%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 15:43
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Chipset Driver Information Disclosure Vulnerability

The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsamd_uproflinux_kernelμProf Tool
CWE ID-CWE-284
Improper Access Control
CVE-2022-44643
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.12% / 31.06%
||
7 Day CHG~0.00%
Published-21 Dec, 2022 | 01:21
Updated-15 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Access policy with access to all tenants and using label selectors has more access

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.Grafana Labs
Product-amd64enterprise_metricsn/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-27673
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.22%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:46
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-amd_linkAMD Link Android
CWE ID-CWE-284
Improper Access Control
CVE-2023-31346
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.03%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 19:18
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_9224epyc_9654p_firmwareepyc_7303epyc_7643_firmwareepyc_9474f_firmwareepyc_9374fepyc_9534epyc_7313pepyc_7663_firmwareepyc_9254_firmwareepyc_7203pepyc_7313p_firmwareepyc_9174f_firmwareepyc_9384x_firmwareepyc_7543p_firmwareepyc_7203p_firmwareepyc_9654_firmwareepyc_7443pepyc_9554_firmwareepyc_7763_firmwareepyc_9634epyc_9654pepyc_9454pepyc_7663epyc_8324pepyc_9124_firmwareepyc_7713epyc_7543epyc_7713_firmwareepyc_9684xepyc_7643epyc_7663p_firmwareepyc_8224pn_firmwareepyc_8434pn_firmwareepyc_9454p_firmwareepyc_7773x_firmwareepyc_7543pepyc_72f3_firmwareepyc_7573x_firmwareepyc_8534pnepyc_9374f_firmwareepyc_9274f_firmwareepyc_7343_firmwareepyc_7643pepyc_9124epyc_7573xepyc_9224_firmwareepyc_9534_firmwareepyc_7513_firmwareepyc_7763epyc_8534pepyc_8224p_firmwareepyc_7303_firmwareepyc_7513epyc_7543_firmwareepyc_7303p_firmwareepyc_8024pnepyc_7473xepyc_9184x_firmwareepyc_7453epyc_7413epyc_7443p_firmwareepyc_8224pepyc_75f3epyc_8434pepyc_9354epyc_8434pnepyc_74f3epyc_7303pepyc_9354_firmwareepyc_9474fepyc_75f3_firmwareepyc_7373x_firmwareepyc_9254epyc_9354p_firmwareepyc_9634_firmwareepyc_8024pepyc_9684x_firmwareepyc_7443epyc_9384xepyc_8024p_firmwareepyc_7203_firmwareepyc_8534p_firmwareepyc_7313_firmwareepyc_9554p_firmwareepyc_9554pepyc_72f3epyc_7643p_firmwareepyc_8224pnepyc_8124p_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_8324p_firmwareepyc_9334_firmwareepyc_74f3_firmwareepyc_9354pepyc_7473x_firmwareepyc_9174fepyc_7773xepyc_7373xepyc_73f3epyc_8434p_firmwareepyc_9274fepyc_9184xepyc_8534pn_firmwareepyc_7713pepyc_9654epyc_8324pnepyc_7663pepyc_8124pnepyc_8124pepyc_9454epyc_7343epyc_7313epyc_8324pn_firmwareepyc_9334epyc_73f3_firmwareepyc_7443_firmwareepyc_9454_firmwareepyc_8024pn_firmwareepyc_9554epyc_8124pn_firmwareepyc_7413_firmware4th Gen AMD EPYC™ Processors 3rd Gen AMD EPYC™ Processors
CWE ID-CWE-284
Improper Access Control
CVE-2023-31341
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.21%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:57
Updated-26 Feb, 2025 | 07:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-uprofμProf Toolamd_uprof
CWE ID-CWE-284
Improper Access Control
CVE-2024-39934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG~0.00%
Published-04 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.

Action-Not Available
Vendor-n/arobotmk
Product-n/arobotmk
CWE ID-CWE-284
Improper Access Control
CVE-2024-38100
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.09% / 95.28%
||
7 Day CHG+2.28%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows File Explorer Elevation of Privilege Vulnerability

Windows File Explorer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016Windows Server 2019Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2023-29242
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.58%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 14:01
Updated-24 Jan, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_rendering_toolkitoneapi_base_toolkitoneapi_ai_analytics_toolkitoneapi_dl_framework_developer_toolkitoneapi_hpc_toolkitoneapi_iot_toolkitIntel(R) oneAPI Toolkits
CWE ID-CWE-284
Improper Access Control
CVE-2024-38163
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.00% / 76.02%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 23:23
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_server_2022windows_10_22h2Windows 11 version 21H2Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-29157
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 25.50%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-30 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-one_boot_flash_updateIntel(R) OFU software
CWE ID-CWE-284
Improper Access Control
CVE-2024-38195
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure CycleCloud Remote Code Execution Vulnerability

Azure CycleCloud Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cyclecloudAzure CycleCloud 8.4.0Azure CycleCloud 8.4.1Azure CycleCloud 8.6.0Azure CycleCloud 8.0.2Azure CycleCloud 8.1.0Azure CycleCloud 8.2.2Azure CycleCloud 8.2.1Azure CycleCloud 8.0.0Azure CycleCloud 8.4.2Azure CycleCloud 8.2.0Azure CycleCloud 8.5.0Azure CycleCloudAzure CycleCloud 8.1.1Azure CycleCloud 8.0.1Azure CycleCloud 8.3.0
CWE ID-CWE-284
Improper Access Control
CVE-2023-3039
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.09%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 06:06
Updated-26 Sep, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

Action-Not Available
Vendor-Dell Inc.
Product-sd_rom_utilitySD ROM Utility
CWE ID-CWE-284
Improper Access Control
CVE-2024-36488
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 4.30%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-driver_\&_support_assistantIntel(R) DSAdsa_software
CWE ID-CWE-284
Improper Access Control
CVE-2022-23508
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.03% / 5.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 12:56
Updated-10 Mar, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitOps Run allows for Kubernetes workload injection

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. There are no known workarounds for this issue, please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. ### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works)

Action-Not Available
Vendor-weaveweaveworks
Product-weave_gitopsweave-gitops
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-41309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 00:00
Updated-08 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

Action-Not Available
Vendor-enjayworldn/aenjay
Product-enjay_crmn/acrm
CWE ID-CWE-284
Improper Access Control
CVE-2023-28246
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.13%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Registry Elevation of Privilege Vulnerability

Windows Registry Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_11_22h2windows_server_2022Windows Server 2022Windows 11 version 21H2Windows 11 version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-41308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 00:00
Updated-08 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

Action-Not Available
Vendor-enjayworldn/aenjay
Product-enjay_crmn/acrm
CWE ID-CWE-284
Improper Access Control
CVE-2023-28070
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.58%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 08:05
Updated-30 Jan, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28051
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.22%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 07:20
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28066
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.04%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 15:40
Updated-08 Jan, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-27509
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.04% / 12.53%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-02 Oct, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ispc_software_installerIntel(R) ISPC software installers
CWE ID-CWE-284
Improper Access Control
CVE-2024-34543
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.70%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 16:38
Updated-23 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_consoleIntel(R) RAID Web Console softwareraid_web_console
CWE ID-CWE-284
Improper Access Control
CVE-2023-27517
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 24.67%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-20 Feb, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nmc2xxd128gpsu4nma1xxd128gpsu4optane_persistent_memory_firmwarenmc2xxd512gpsu4nmb1xxd128gpsufnmb1xxd256gpsu4nmb1xxd128gpsu4nma1xxd512gpsufnma1xxd128gpsufnmc2xxd256gpsu4nmb1xxd512gpsu4nma1xxd256gpsufnmb1xxd256gpsufnmb1xxd512gpsufnma1xxd512gpsu4nma1xxd256gpsu4Intel(R) Optane(TM) PMem softwareoptane_persistent_memory_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-33027
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.59%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-20 Nov, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwaresa8145p_firmwareqcs610315_5g_iot_modem_firmwaresnapdragon_x24_lte_modem_firmwareqca8337csra6620snapdragon_212_mobile_platformsnapdragon_860_mobile_platform_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresa6155video_collaboration_vc3_platformqca6335sd730_firmwarewcd9370csra6620_firmwarecsra6640_firmwareqca6564qcs6125_firmwarewcn3990_firmwareqca9377wcn3950wcd9326_firmwarefastconnect_6200wcn3660bsnapdragon_660_mobile_platform_firmwaresa8155snapdragon_429_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresdx55_firmwarewcn3680b_firmwaresnapdragon_212_mobile_platform_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3610_firmwareqca6420snapdragon_429_mobile_platformqca6564au_firmwaresa6155p_firmwareqca6310snapdragon_855\+_firmwaresmart_audio_400_platform_firmwareqcs6125sa8155_firmwarerobotics_rb3_platform_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwareqca6430315_5g_iot_modemqcn9074robotics_rb3_platformsa6145p_firmwaresm6250c-v2x_9150snapdragon_678_mobile_platform_firmwaresnapdragon_720g_mobile_platformsa8195psnapdragon_855\+sxr1120wcd9340wsa8810_firmwarevision_intelligence_400_platformwcd9326wcd9335sa6155pqca6174a_firmwarewcd9341qca6696_firmwarewcd9375snapdragon_855_mobile_platform_firmwareaqt1000sa8150psnapdragon_210_processor_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresd855_firmwaresd660wcn3620_firmwarewcn3988wsa8815_firmwaresd660_firmwarewcn3620sa8195p_firmwaresxr1120_firmwaresnapdragon_730_mobile_platform_firmwarewcn3610qcm6125_firmwaresnapdragon_675_mobile_platform_firmwaresnapdragon_845_mobile_platformqca8337_firmwarewcd9380_firmwarewcn3990sdm429wqca6595qca6564ausnapdragon_670_mobile_platform_firmwaresd670_firmwareqca6574sdm429w_firmwarewcd9380snapdragon_678_mobile_platformqcs410snapdragon_210_processorqca6574asmart_audio_400_platformqca6174avideo_collaboration_vc3_platform_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980snapdragon_732g_mobile_platform_firmwareqca6335_firmwareqca6574_firmwarewcd9340_firmwaresd855wsa8815205_mobile_platform_firmwarewcn3660b_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_670_mobile_platformsnapdragon_730g_mobile_platformvision_intelligence_300_platformsnapdragon_x55_5g_modem-rf_system_firmwaresd730qca6391wcn3980_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresnapdragon_710_mobile_platformaqt1000_firmwaresnapdragon_845_mobile_platform_firmware215_mobile_platformar8031_firmwaresnapdragon_xr1_platformsnapdragon_660_mobile_platformvideo_collaboration_vc1_platform_firmwareqca6574ausa8155p_firmwaresd670wcd9341_firmwareqcm6125wsa8810snapdragon_x24_lte_modemsnapdragon_730g_mobile_platform_firmwareqcs610_firmwaresa6145psnapdragon_730_mobile_platformwcn3680bqca6564_firmwaresnapdragon_675_mobile_platformar8031qca6595_firmwaresa8145pqca6696205_mobile_platform215_mobile_platform_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_732g_mobile_platformwcd9370_firmwaresa6150psdx55snapdragon_x50_5g_modem-rf_systemsa8155pcsra6640video_collaboration_vc1_platformsnapdragon_860_mobile_platformqcn9074_firmwareqcs410_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_855_mobile_platformsnapdragon_xr1_platform_firmwareSnapdragonqca9377_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmware315_5g_iot_modem_firmwaresnapdragon_x24_lte_modem_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwaresdm429w_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_xr1_platform_firmwaresd730_firmwarecsra6620_firmwarecsra6640_firmwareqcs6125_firmwarewcn3990_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6335_firmwarewcd9326_firmwareqca6574_firmwarewcd9340_firmwaresnapdragon_660_mobile_platform_firmwarewcn3660b_firmwaresnapdragon_429_mobile_platform_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwaresnapdragon_212_mobile_platform_firmwarewcd9375_firmwaresa6155_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3610_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_845_mobile_platform_firmwaresmart_audio_400_platform_firmwarear8031_firmwaresa8155_firmwarerobotics_rb3_platform_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwarewsa8810_firmwarewcd9341_firmwareqcs610_firmwarequalcomm_215_mobile_platform_firmwareqca6174a_firmwarequalcomm_205_mobile_platform_firmwareqca6564_firmwareqca6696_firmwareqca6595_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresnapdragon_210_processor_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresd855_firmwarewcn3620_firmwarewsa8815_firmwaresd660_firmwaresa8195p_firmwareqcn9074_firmwaresxr1120_firmwareqcs410_firmwaresnapdragon_720g_mobile_platform_firmwareqcm6125_firmwaresnapdragon_675_mobile_platform_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-25496
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.16%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 21:13
Updated-30 Jan, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementLenovo Drivers Management
CWE ID-CWE-284
Improper Access Control
CVE-2023-25773
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.58%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-uniteIntel(R) Unite(R) Hub software installer for Windows
CWE ID-CWE-284
Improper Access Control
CVE-2024-38162
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Connected Machine Agent Elevation of Privilege Vulnerability

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_connected_machine_agentAzure Connected Machine Agent
CWE ID-CWE-284
Improper Access Control
CVE-2023-25174
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-12 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Driver Software
CWE ID-CWE-284
Improper Access Control
CVE-2023-24844
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 5.72%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-27 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830qca8337_firmwarewcd9380_firmwareqca8337sg8275p_firmwareqru1032qcm8550qdu1010_firmwareqru1052ar8035_firmwareqdx1011qdu1000wsa8840wsa8835qdu1110_firmwarewcn3950_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380fastconnect_6700snapdragon_x70_modem-rf_systemwcd9370snapdragon_4_gen_2_mobile_platform_firmwareqdu1110sg8275psnapdragon_8_gen_2_mobile_platformqru1062wcd9385_firmwarewsa8845wcn3950qcn6024_firmwarewsa8815qru1032_firmwarewsa8845_firmwaresnapdragon_4_gen_2_mobile_platformqcn9024wsa8845h_firmwareqca8081_firmwarefastconnect_7800snapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwareqcs4490_firmwaresnapdragon_x70_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemwsa8840_firmwarewsa8832_firmwarefastconnect_6900fastconnect_6900_firmwareqcs8550_firmwarewcn3988_firmwareqru1062_firmwareqdu1010qdx1011_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810wsa8845hwsa8832wcd9395_firmwareqdx1010_firmwareqdu1000_firmwareqca8081sm8550pqcm4490wcd9385qcs4490wcd9395qcs8550ar8035qru1052_firmwarewcd9370_firmwaresm8550p_firmwareqdx1010wcd9390wcd9390_firmwarewsa8830_firmwareqcn6024qdu1210wcn3988wsa8815_firmwarewsa8835_firmwareqdu1210_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2024-37289
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.15%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:22
Updated-16 Jun, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex OneTrend Micro Apex One as a Serviceapex_one
CWE ID-CWE-284
Improper Access Control
CVE-2023-24485
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.26%
||
7 Day CHG-0.04%
Published-16 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-workspaceCitrix Workspace App for Windows
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-22618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 00:00
Updated-20 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

Action-Not Available
Vendor-n/aNokia Corporation
Product-wavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_and_f2b_fans_firmwarewavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ops_and_f2b_fans_firmwarewavelite_metro_200_ops_and_f2b_fanswavelite_metro_200_ne_and_f2b_fanswavelite_metro_200_ops_and_fans_firmwarewavelite_metro_200_and_fan_firmwarewavelite_metro_200_ne_ops_and_f2b_fans_firmwarewavelite_metro_200_and_f2b_fans_firmwaren/awavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ne_and_f2b_fans
CWE ID-CWE-284
Improper Access Control
CVE-2023-22312
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.96%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc11dbbi7_firmwarenuc_11_pro_kit_nuc11tnkv7_firmwarenuc_11_enthusiast_kit_nuc11phki7cnuc_11_pro_kit_nuc11tnhv7nuc_11_performance_kit_nuc11pahi3_firmwarenuc_board_nuc8cchbnuc_11_pro_kit_nuc11tnhv50lnuc_11_pro_mini_pc_nuc11tnkv7_firmwarenuc_11_pro_mini_pc_nuc11tnkv5lapkc71f_firmwarenuc_11_performance_kit_nuc11pahi3nuc_11_compute_element_cm11ebi58wnuc_8_rugged_kit_nuc8cchkrn_firmwarenuc_11_performance_mini_pc_nuc11paqi50wanuc11dbbi7nuc_m15_laptop_kit_lapbc710_firmwarenuc_11_performance_kit_nuc11paki7_firmwarenuc_11_performance_mini_pc_nuc11paqi50wa_firmwarenuc_board_nuc8cchb_firmwarenuc_8_rugged_board_nuc8cchbn_firmwarenuc_11_performance_kit_nuc11pahi50z_firmwarenuc_11_performance_kit_nuc11pahi7nuc_11_pro_kit_nuc11tnhv7_firmwarenuc_11_performance_mini_pc_nuc11paqi70qa_firmwarenuc_11_pro_kit_nuc11tnkv5_firmwarenuc_11_performance_kit_nuc11pahi50znuc_11_compute_element_cm11ebc4wnuc11dbbi9nuc_11_performance_kit_nuc11pahi30znuc_11_pro_board_nuc11tnbv7_firmwarenuc_11_pro_kit_nuc11tnhv70lnuc_11_performance_kit_nuc11pahi30z_firmwarenuc_11_compute_element_cm11ebc4w_firmwarenuc_8_rugged_board_nuc8cchbnnuc_11_pro_mini_pc_nuc11tnkv5_firmwarenuc_11_pro_board_nuc11tnbv5nuc_11_pro_board_nuc11tnbv5_firmwarenuc_11_performance_kit_nuc11paki5nuc_11_compute_element_cm11ebi38w_firmwarenuc_11_performance_kit_nuc11paki3_firmwarenuc_m15_laptop_kit_lapbc710nuc_11_performance_kit_nuc11paki5_firmwarenuc_11_compute_element_cm11ebi716w_firmwarenuc_11_performance_kit_nuc11pahi70z_firmwarenuc11btmi9nuc_11_compute_element_cm11ebi38wlapkc71flapkc51e_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caanuc_11_performance_kit_nuc11pahi5_firmwarenuc_11_pro_kit_nuc11tnhv5_firmwarenuc_11_pro_kit_nuc11tnkv5nuc_11_performance_kit_nuc11paki7nuc_11_compute_element_cm11ebi58w_firmwarenuc_8_rugged_kit_nuc8cchkrnuc_11_performance_kit_nuc11pahi70znuc_11_performance_kit_nuc11pahi5nuc11dbbi9_firmwarenuc_11_performance_kit_nuc11paki3nuc_11_performance_kit_nuc11pahi7_firmwarenuc_11_pro_kit_nuc11tnkv50z_firmwarenuc_8_rugged_kit_nuc8cchkr_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caa_firmwarenuc_11_pro_kit_nuc11tnhv50l_firmwarenuc_11_pro_mini_pc_nuc11tnkv7nuc_11_performance_mini_pc_nuc11paqi70qalapkc71enuc_11_pro_kit_nuc11tnkv7nuc_m15_laptop_kit_lapbc510nuc_11_compute_element_cm11ebi716wnuc_11_pro_kit_nuc11tnkv50znuc_11_enthusiast_kit_nuc11phki7c_firmwarenuc_11_pro_board_nuc11tnbv7lapkc51enuc_11_pro_kit_nuc11tnhv5nuc_8_rugged_kit_nuc8cchkrnnuc11btmi7_firmwarelapkc71e_firmwarenuc11btmi9_firmwarenuc_m15_laptop_kit_lapbc510_firmwarenuc_11_pro_kit_nuc11tnhv70l_firmwarenuc11btmi7Intel(R) NUC BIOS firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-21491
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2023-21488
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 5.94%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2023-21518
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 30.43%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-07 Nov, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-searchwidgetSamsung SearchWidget
CWE ID-CWE-284
Improper Access Control
CVE-2023-21642
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 05:08
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in HAB Memory Management

Memory corruption in HAB Memory management due to broad system privileges via physical address.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6145psa6155p_firmwaresa6150p_firmwaresa8145p_firmwareqca6696_firmwaresa8145pqca6696qam8295psa9000psa8150psa6150pqca6574ausa8155psa6145p_firmwaresa8155p_firmwareqam8295p_firmwaresa8195psa8540p_firmwaresa9000p_firmwaresa8150p_firmwareqca6574au_firmwaresa8195p_firmwaresa6155psa8540psa8295p_firmwaresa8295pSnapdragonsa6145p_firmwaresa6155p_firmwaresa8155p_firmwaresa6150p_firmwareqam8295p_firmwaresa8145p_firmwaresa8540p_firmwareqca6696_firmwaresa9000p_firmwareqca6574au_firmwaresa8150p_firmwaresa8195p_firmwaresa8295p_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-21670
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.57%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-07 Jan, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access control in GPU Subsystem

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresm7325-ae_firmwaresa6150p_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qam8775psnapdragon_212_mobile_platformwcn3950_firmwaresa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155qca6335sm8350sdm670csra6620_firmwareqcs605_firmwarecsra6640_firmwarewcn685x-1qcs400_firmwaresm7350-ab_firmwaresda845_firmwaresnapdragonwear_4100\+_platformsm4375wcn3998qam8295pwcn3950qcn6024_firmwaresm4125wcn3660bsm7150-acqsm8350_firmwareqsm8350sm7315_firmwaresm7325-aesnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420sda845snapdragon_auto_5g_modem-rf_firmwaresm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsa4155p_firmwaresa8155_firmwaresnapdragon_7c\+_gen3_computesm7250-ab_firmwareqca6430wcd9340sw5100qca6436sa6155pqca6698aq_firmwaresnapdragon_690_5g_mobile_platformmsm8905wcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255psnapdragon_ar2_gen1_platform_firmwareqca6696_firmwaresnapdragon_x12_lte_modemqca6797aqwcn3910_firmwaresm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresm7225_firmwarewcn3988sd660_firmwaresm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresm6125_firmwaresa8295p_firmwarewcn3610snapdragon_675_mobile_platform_firmwarec-v2x9150wcn3991qca8337_firmwarewcd9380_firmwaressg2125psdm429wsw5100psdm429sd670_firmwareqca6574wcd9380qcs410snapdragon_210_processorsm7150-aa_firmwaresxr1230pqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcm4325_firmwareqcs605wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910sdm429_firmwareqcs8250qca6426_firmwaresm4450wcn3660b_firmwarewcn3680qcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasa8295psm8475_firmwarewcn6740_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemar8031_firmwarewcn3680_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresnapdragon_xr2\+_gen1_platformsdm660qca6797aq_firmwarewcn785x-1_firmwaresdm710sd670qcn9024_firmwareqcm4290_firmwaresnapdragon_x24_lte_modemwsa8832sw5100p_firmwareqcs610_firmwaresa6145par8031qcs4490qca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwarewcd9370_firmwareqm215_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psnapdragon_695_5g_mobile_platformssg2115p_firmwareqcs8155_firmwareqam8255psa4155par8035_firmwareqcm2290sdm845_firmwarewcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresa8145p_firmwaresm6125snapdragon_x24_lte_modem_firmwareqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwareqca6390_firmwaresd730_firmwarewcd9370ssg2115pqca6426wcn3990_firmwareqrb5165n_firmwaresm8450qca9377sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresnapdragon_w5\+_gen1_wearable_platformqam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemmsm8905_firmwarewcn3680b_firmwaresdx55_firmwaresnapdragon_7c\+_gen3_compute_firmwaresnapdragon_212_mobile_platform_firmwarewcn3615qca6595ausm7325-af_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwaresm4350-acqrb5165nsnapdragon_680_4g_mobile_platform_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwareqcs8155qcs6490qcs8550_firmwaresm8250_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqcn9074sa6145p_firmwareqm215sm6250sm7250-aasnapdragon_xr2\+_gen1_platform_firmwaresa8195psxr1120sdm710_firmwarewsa8810_firmwaresm4375_firmwaresm8450_firmwarewcd9326wcd9335sa8255p_firmwaresg4150pqca8081qcm4490qca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwaresm7150-abqca6390wcd9375ar8035aqt1000snapdragon_210_processor_firmwaresm6250_firmwaresnapdragon_662_mobile_platformwcn3620_firmwaresm8150wsa8815_firmwareqcm6490wsa8835_firmwarewcn3620sm7350-absxr1120_firmwaresa4150psg4150p_firmwarewcn785x-1qcm4325qcm2290_firmwarewcn3990sdm845sd865_5gsnapdragon_ar2_gen1_platformqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresdm429w_firmwarec-v2x9150_firmwaresnapdragon_auto_5g_modem-rfsm6250psxr2130ssg2125p_firmwareqca6574awcn685x-5_firmwareqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresm7250-abqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391aqt1000_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_w5\+_gen1_wearable_platform_firmwareqcm4290qcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformwcn685x-5qcn9011qca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwarewsa8810sm7250-aa_firmwaresm7250-acsnapdragon_680_4g_mobile_platformsm8150-ac_firmwarewcn3680bsm8350-acqam8650p_firmwaresnapdragon_675_mobile_platformwcn6740qca6696qcs8550snapdragonwear_4100\+_platform_firmwaresm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150pqcn6024sm7250psw5100_firmwareqcn9074_firmwareqcs410_firmwareqcs400sdm660_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-2112
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-3.6||LOW
EPSS-0.04% / 8.70%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:05
Updated-28 Aug, 2024 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop component allows lateral movement between sessions

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Desktop
CWE ID-CWE-284
Improper Access Control
CVE-2024-33673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.83%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 00:00
Updated-30 Jun, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-backup_execn/abackup_exec
CWE ID-CWE-284
Improper Access Control
CVE-2023-20224
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.40%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 21:43
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this vulnerability by authenticating to an affected device and using crafted commands at the prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. The attacker must have valid credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-thousandeyes_enterprise_agentCisco ThousandEyes Recorder Application
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2023-20065
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.51%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_920-10sz-pdcatalyst_3850asr_907catalyst_9500hcatalyst_3850-16xs-scatalyst_3850-48pw-sasr_1000-esp200-xcatalyst_9300l-24t-4x-acatalyst_9300-48un-e4331_integrated_services_routercg522-easr_90064461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-aasr_901s-3sg-f-dasr_1000-esp100-xcatalyst_9300l-48t-4x-aasr_920-12sz-imcatalyst_8300catalyst_8500-4qccatalyst_3850-48u-lcatalyst_9800-80_wireless_controlleress-3300-ncp-acatalyst_8300-1n1s-6t8101-32fhcatalyst_9300l-24t-4g-easr_920-12cz-a_rcatalyst_3850-48xscatalyst_9800-clcatalyst_9300-48p-e1131_integrated_services_routercatalyst_9300-48t-ecatalyst_9600xcatalyst_3850-24xu-eess-3300-24t-con-e9800-40catalyst_9600catalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_8510msrcatalyst_9200lcatalyst_3850-24xucatalyst_9300-48uxm-e1109_integrated_services_routercatalyst_9400catalyst_3850-48t-l1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_9600_supervisor_engine-1ess-3300-24t-con-acatalyst_9800-40catalyst_9300l-48p-4x-acatalyst_9800catalyst_9300-48u-aasr_902u1100-4p_integrated_services_routerasr_903asr_9920asr_9906catalyst_ie3200_rugged_switchcatalyst_3850-48t-ecg418-e1101_integrated_services_routerasr_920-24tz-m_r8101-32hasr_920-24sz-m_ress-3300-24t-ncp-acatalyst_3850-12s-sasr_9010asr_920-4sz-d_rcatalyst_3850-24u-sasr_99021100_integrated_services_routerasr_901-4c-ft-dcatalyst_9300l-24t-4x-ecatalyst_9800-40_wireless_controllerasr_1002-hx_rasr_1006-xasr_920-12cz-acatalyst_9300l-24p-4g-aess-3300-24t-ncp-easr_901-12c-ft-dcatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_3850-32xs-scatalyst_9500asr_9001asr_901s-3sg-f-ah4221_integrated_services_routercatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_ie3400_heavy_duty_switchcatalyst_3850-24s-scatalyst_9300-48s-easr_1002-xasr_920-12cz-d_r8800_18-slotcatalyst_9300lcatalyst_ie3400_rugged_switch4451-x_integrated_services_routercatalyst_3850-48p-scatalyst_ie9300catalyst_8510csrasr_1002-hx1109-2p_integrated_services_routercatalyst_9200cxasr_920-10sz-pd_rcatalyst_8200asr_1000-esp100catalyst_9300-48t-acatalyst_3850-12s-ecatalyst_8500asr_920u-12sz-im8831catalyst_3850-24t-easr_900asr_901-6cz-ft-a4321_integrated_services_routercatalyst_3850-24xs-scatalyst_8300-1n1s-4t2x8804catalyst_ie3300_rugged_switchasr_1000catalyst_3850-48p-lcatalyst_8300-2n2s-4t2xasr_920-12sz-im_r88081100-8p_integrated_services_routercatalyst_9410rcatalyst_3850-nm-8-10gasr_901-12c-f-dcatalyst_3850-12xs-easr_901s-2sg-f-ahcatalyst_8540csrcatalyst_3850-32xs-e1100-6g_integrated_services_routercatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-easr_9148202catalyst_3850-24p-scatalyst_3850-24u9800-lcatalyst_9300l_stackasr_920-12cz-dcatalyst_9300l-24p-4g-easr_920-4sz-d111x_integrated_services_routercatalyst_9800-l8201-32fhasr_1013catalyst_8540msrasr_920-24sz-imcatalyst_3850-nm-2-40gcbr-8catalyst_9300lmcatalyst_9300-24t-easr_9000vcatalyst_3850-48t-scatalyst_9407rcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9800_embedded_wireless_controllercatalyst_9200catalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_9300l-48t-4g-aasr_920-24sz-mintegrated_services_virtual_routerasr_920-4sz-acatalyst_ie3200catalyst_3850-48p-ecatalyst_9800-80catalyst_8300-2n2s-6tasr_920-4sz-a_rcatalyst_9300l-48p-4x-eess-3300-con-aasr_901-6cz-ft-dasr_901-6cz-f-dess-3300-ncp-easr_9000catalyst_8500lcatalyst_9300-24s-ecatalyst_9300-48u-e1101-4p_integrated_services_routercatalyst_9300-48s-acatalyst_3850-24p-easr_1006catalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300asr_920-24sz-im_rcatalyst_3850-24xu-s4451_integrated_services_routerasr_9901catalyst_3850-24xs-ecatalyst_9400_supervisor_engine-1ess-3300-con-ecatalyst_ie3400catalyst_3850-24u-lcatalyst_9300l-24t-4g-a9800-clcatalyst_3850-48f-sasr_901-4c-f-d8800_8-slotasr_1001-hx_rcatalyst_9800-l-ccatalyst_3850-48f-e4000_integrated_services_router1000_integrated_services_routercatalyst_9300-48uxm-aasr_102388128818catalyst_9300-24p-aasr_1001esr6300catalyst_3850-48xs-easr_9904catalyst_9300-24u-acatalyst_3850-48uasr_1001-hxcatalyst_ie33008102-64hasr_1009-x8201catalyst_9300-24u-easr_901-6cz-f-acatalyst_3850-12x48ucatalyst_9300xcatalyst_9300-48un-aasr_1001-x_rasr_901-6cz-fs-dcatalyst_9300-24p-easr_1002-x_rasr_901s-4sg-f-dcatalyst_3850-48xs-f-easr_1002catalyst_9800-l-fasr_902asr_1004catalyst_9300l-48t-4x-ecatalyst_3850-24p-l1120_integrated_services_routercatalyst_3850-24xsasr_99038800_4-slotess9300-10x-e4431_integrated_services_router9800-80asr_901-6cz-fs-acatalyst_3850-24u-ecatalyst_3850-48xs-sios_xe1111x-8p_integrated_services_routerasr_9910asr_9912asr_99221109-4p_integrated_services_router8800_12-slotasr_1001-xasr_901s-2sg-f-dcatalyst_9300-24ux-e4351_integrated_services_routerasr_920-24tz-mCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found