Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-1007

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-24 Feb, 2023 | 10:23
Updated At-02 Aug, 2024 | 05:32
Rejected At-
Credits

Twister Antivirus IoControlCode filmfd.sys 0x801120E4 access control

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:24 Feb, 2023 | 10:23
Updated At:02 Aug, 2024 | 05:32
Rejected At:
▼CVE Numbering Authority (CNA)
Twister Antivirus IoControlCode filmfd.sys 0x801120E4 access control

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.

Affected Products
Vendor
Twister
Product
Antivirus
Modules
  • IoControlCode Handler
Versions
Affected
  • 8.17
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Controls
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Controls
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.05.3MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.04.3N/A
AV:L/AC:L/Au:S/C:P/I:P/A:P
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 4.3
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
analyst
Zeze7w (VulDB User)
Timeline
EventDate
Advisory disclosed2023-02-24 00:00:00
CVE reserved2023-02-24 00:00:00
VulDB entry created2023-02-24 01:00:00
VulDB entry last update2023-03-26 09:33:18
Event: Advisory disclosed
Date: 2023-02-24 00:00:00
Event: CVE reserved
Date: 2023-02-24 00:00:00
Event: VulDB entry created
Date: 2023-02-24 01:00:00
Event: VulDB entry last update
Date: 2023-03-26 09:33:18
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.221740
vdb-entry
technical-description
https://vuldb.com/?ctiid.221740
signature
permissions-required
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1007
related
https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing
exploit
Hyperlink: https://vuldb.com/?id.221740
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.221740
Resource:
signature
permissions-required
Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1007
Resource:
related
Hyperlink: https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing
Resource:
exploit
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.221740
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.221740
signature
permissions-required
x_transferred
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1007
related
x_transferred
https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing
exploit
x_transferred
Hyperlink: https://vuldb.com/?id.221740
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.221740
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1007
Resource:
related
x_transferred
Hyperlink: https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing
Resource:
exploit
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:24 Feb, 2023 | 11:15
Updated At:17 May, 2024 | 02:17

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.04.3MEDIUM
AV:L/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
filseclab
filseclab
>>twister_antivirus>>8.17
cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primarycna@vuldb.com
CWE ID: CWE-284
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharingcna@vuldb.com
Broken Link
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1007cna@vuldb.com
Exploit
Patch
Third Party Advisory
https://vuldb.com/?ctiid.221740cna@vuldb.com
Permissions Required
Third Party Advisory
https://vuldb.com/?id.221740cna@vuldb.com
Permissions Required
Third Party Advisory
Hyperlink: https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing
Source: cna@vuldb.com
Resource:
Broken Link
Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1007
Source: cna@vuldb.com
Resource:
Exploit
Patch
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.221740
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://vuldb.com/?id.221740
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

224Records found
CVE-2025-59517
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.83%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 17:55
Updated-13 Feb, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage VSP Driver Elevation of Privilege Vulnerability

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_11_24h2windows_server_2019windows_11_23h2windows_server_2022windows_10_21h2windows_10_1809windows_server_2016windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 21H2Windows 11 Version 25H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-58724
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.93%
||
7 Day CHG+0.04%
Published-14 Oct, 2025 | 17:01
Updated-13 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_connected_machine_agentArc Enabled Servers - Azure Connected Machine Agent
CWE ID-CWE-284
Improper Access Control
CVE-2025-58714
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.93%
||
7 Day CHG+0.04%
Published-14 Oct, 2025 | 17:01
Updated-13 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_21h2windows_11_24h2windows_server_2022windows_server_2022_23h2windows_server_2025windows_10_1507windows_11_22h2windows_server_2008windows_11_23h2windows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_11_25h2windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 Version 25H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2023-32479
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:09
Updated-22 Aug, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Security Management Server (Windows)Dell Endpoint Security Suite EnterpriseDell Encryptionsecurity_management_serverencryptionendpoint_security_suite_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2025-55694
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.67%
||
7 Day CHG+0.05%
Published-14 Oct, 2025 | 17:01
Updated-13 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Error Reporting Service Elevation of Privilege Vulnerability

Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_25h2windows_11_24h2Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 25H2
CWE ID-CWE-284
Improper Access Control
CVE-2022-20732
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.41%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 18:55
Updated-06 Nov, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-virtualized_infrastructure_managerCisco Virtualized Infrastructure Manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20716
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.34%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:15
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Solution Improper Access Control Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vedge_routersd-wansd-wan_solutionsd-wan_vedge_cloudsd-wan_vbond_orchestratorsd-wan_vsmart_controller_softwarecatalyst_sd-wan_managerCisco SD-WAN Solution
CWE ID-CWE-284
Improper Access Control
CVE-2024-34543
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.48%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 16:38
Updated-23 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_consoleIntel(R) RAID Web Console softwareraid_web_console
CWE ID-CWE-284
Improper Access Control
CVE-2025-54871
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.87%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 00:03
Updated-09 Oct, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.

Action-Not Available
Vendor-electroncapturesteveseguin
Product-electron_captureelectroncapture
CWE ID-CWE-284
Improper Access Control
CVE-2021-1419
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Access Points SSH Management Privilege Escalation Vulnerability

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562iaironet_1830eaironet_1850ecatalyst_iw6300_dcwaironet_1840icatalyst_iw6300_ac1100-8pcatalyst_9105axwesw63001100-8p_firmwarecatalyst_iw6300_ac_firmwarecatalyst_9115axe_firmwarecatalyst_9130axecatalyst_9130axe_firmwareaironet_1830e_firmwareaironet_1562ecatalyst_9105axw_firmwarecatalyst_9117_firmwareaironet_2800i_firmwareaironet_2800icatalyst_9105axi_firmwareaironet_1542iaironet_3800pcatalyst_iw6300_dc_firmwareaironet_3800p_firmwarecatalyst_9124axicatalyst_iw6300_dccatalyst_9120axpcatalyst_9115axiwireless_lan_controller_softwareaironet_1815iaironet_1815waironet_4800catalyst_9117axicatalyst_9800_firmwarecatalyst_9800-laironet_4800_firmwareaironet_1850i_firmwarecatalyst_9124axi_firmwareaironet_1815m_firmwareaironet_1562d_firmwareaironet_1815t_firmwareaironet_3800icatalyst_9120axi_firmwareaironet_1562i_firmwarecatalyst_9800-clcatalyst_9120axp_firmwareaironet_2800ecatalyst_9130axi_firmwareaironet_3800ecatalyst_9120axe_firmware1160_integrated_services_routeraironet_1830i_firmwarecatalyst_9120axeaironet_1815taironet_3800i_firmwareaironet_3800e_firmwarecatalyst_9115axi_firmwarecatalyst_9800-80aironet_1815i_firmwareaironet_1830iaironet_1850e_firmwareesw6300_firmwarecatalyst_9130axiaironet_1542dcatalyst_9800-40aironet_1815w_firmware1160_firmwareaironet_1542i_firmwareaironet_1562dcatalyst_9124axdcatalyst_iw6300_dcw_firmwarecatalyst_9105axicatalyst_9120axiaironet_2800e_firmwarecatalyst_9115axeaironet_1850i11201120_firmwareaironet_1562e_firmwareaironet_1815mcatalyst_9124axd_firmwareaironet_1542d_firmwareaironet_1840i_firmwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-284
Improper Access Control
CVE-2020-9046
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.45%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 20:05
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kantech EntraPass Security Management Software - System Permissions Vulnerability

A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.

Action-Not Available
Vendor-johnsoncontrolsJohnson Controls
Product-kantech_entrapassKantech EntraPass Security Management Software Special Edition versions 8.22 and priorKantech EntraPass Security Management Software Global Edition versions 8.22 and priorKantech EntraPass Security Management Software Corporate Edition versions 8.22 and prior
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-54098
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.36%
||
7 Day CHG+0.03%
Published-09 Sep, 2025 | 17:01
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022windows_11_22h2windows_11_24h2windows_10_22h2windows_10_1607windows_10_21h2windows_11_23h2windows_server_2008windows_server_2012windows_server_2016windows_server_2019windows_server_2025windows_server_2022_23h2windows_10_1809Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2025-53729
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.99%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure File Sync Elevation of Privilege Vulnerability

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_file_syncAzure File Sync
CWE ID-CWE-284
Improper Access Control
CVE-2025-50777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.94%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.

Action-Not Available
Vendor-aziotn/a
Product-2mp_full_hd_smart_wi-fi_cctv_home_security_camera2mp_full_hd_smart_wi-fi_cctv_home_security_camera_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-6971
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.71%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 20:02
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.

Action-Not Available
Vendor-emersonn/a
Product-valvelinkEmerson ValveLink
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20762
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.31%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 18:13
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ultra_cloud_core_-_subscriber_microservices_infrastructureCisco Ultra Cloud Core - Subscriber Microservices Infrastructure
CWE ID-CWE-284
Improper Access Control
CVE-2025-49692
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.63%
||
7 Day CHG+0.02%
Published-09 Sep, 2025 | 17:01
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_connected_machine_agentAzure Connected Machine Agent
CWE ID-CWE-284
Improper Access Control
CVE-2020-4107
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 21:25
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Domino is affected by an Insufficient Access Control vulnerability

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dominoHCL Domino
CWE ID-CWE-284
Improper Access Control
CVE-2020-10145
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 20:55
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-4037
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.86%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelKernel
CWE ID-CWE-284
Improper Access Control
CVE-2020-25238
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.42%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_process_control_system_neototally_integrated_automation_portalPCS neo (Administration Console)TIA Portal
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-27264
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 13.25%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 19:21
Updated-30 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Performance Tools for i privilege escalation

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2012-6689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.72%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-47993
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PC Manager Elevation of Privilege Vulnerability

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_24h2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025
CWE ID-CWE-284
Improper Access Control
CVE-2025-47962
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-13 Feb, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SDK Elevation of Privilege Vulnerability

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_software_development_kitWindows SDK
CWE ID-CWE-284
Improper Access Control
CVE-2025-49154
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-8.7||HIGH
EPSS-0.01% / 2.67%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 18:42
Updated-06 Oct, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro IncorporatedMicrosoft Corporation
Product-apex_oneworry-free_business_securityworry-free_business_security_serviceswindowsTrend Micro Apex One as a ServiceTrend Micro Apex OneWorry-Free Business Security
CWE ID-CWE-284
Improper Access Control
CVE-2025-47161
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.65% / 87.59%
||
7 Day CHG+0.93%
Published-15 May, 2025 | 19:21
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_endpointMicrosoft Defender for Endpoint for Linux
CWE ID-CWE-284
Improper Access Control
CVE-2024-23351
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.23%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 14:32
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresw5100pwsa8845_firmwarewsa8832snapdragon_480_5g_mobileqca6595srv1mqca6678aqwcd9370qca6696wcd9395_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700qcs6125_firmwaresnapdragon_685_4g_mobilewsa8815_firmwarewsa8832_firmwaresa8195p_firmwarewcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwareqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwareqcs6125flight_rb5_5gsa9000p_firmwaresrv1hqca6797aq_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcm6125_firmwaressg2115psw5100_firmwaresnapdragon_8_gen_3_mobile_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformsa7255pwcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarerobotics_rb5_firmwarewcd9380qam8255psxr2230pqcs4490snapdragon_680_4g_mobilewsa8845sa6155pqcm6125sxr1230pwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psrv1h_firmwaresw5100video_collaboration_vc3_platformqca6595ausnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesg8275pwcd9370_firmwareflight_rb5_5g_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobileqcm4490sa8195pqcs8250_firmwaresnapdragon_480\+_5g_mobile_firmwareqamsrv1mrobotics_rb5talynplusqcm6490qam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwarewcn3980_firmwareqrb5165n_firmwareqca6574sa8775pwsa8835qca6595au_firmwareqca6391_firmwaresxr2230p_firmwarewsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwarewcd9380_firmwareqca6574_firmwaresa8155p_firmwarewsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550pqcm4325_firmwaresa8620psa8255p_firmwareqca6574a_firmwaresnapdragon_4_gen_1_mobileqamsrv1m_firmwaresnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqca6391qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwareqrb5165nsa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8650pqam8775p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375snapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490qcs8250snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqcm4490_firmwareqcm5430_firmwareqcs6125_firmwareqcs7230_firmwareqam8650p_firmwareqcm6125_firmwarerobotics_rb5_platform_firmwareqcm8550_firmwarefastconnect_6900_firmwareqca6698aq_firmwareqca6391_firmwareqcs8550_firmwareqrb5165n_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqam8255p_firmwarefastconnect_6700_firmwareqca6797aq_firmwareqcs5430_firmwareqam8295p_firmwareflight_rb5_5g_platform_firmwareqam8775p_firmwareqamsrv1h_firmwarefastconnect_7800_firmwareqcm4325_firmwareqcs6490_firmwareqca6595_firmwareqca6574a_firmwaresa6155p_firmwareqcm6490_firmwareqca6678aq_firmwareqca6574_firmwareqca6574au_firmwareqcs8250_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcs4490_firmwarefastconnect_6200_firmwareqca6595au_firmwareqca6696_firmwareqamsrv1m_firmwarequalcomm_video_collaboration_vc1_platform_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2025-46691
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.20%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:31
Updated-02 Feb, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-PremierColor
CWE ID-CWE-284
Improper Access Control
CVE-2023-22618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.04% / 13.86%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 00:00
Updated-20 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

Action-Not Available
Vendor-n/aNokia Corporation
Product-wavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_and_f2b_fans_firmwarewavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ops_and_f2b_fans_firmwarewavelite_metro_200_ops_and_f2b_fanswavelite_metro_200_ne_and_f2b_fanswavelite_metro_200_ops_and_fans_firmwarewavelite_metro_200_and_fan_firmwarewavelite_metro_200_ne_ops_and_f2b_fans_firmwarewavelite_metro_200_and_f2b_fans_firmwaren/awavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ne_and_f2b_fans
CWE ID-CWE-284
Improper Access Control
CVE-2023-21642
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.06% / 17.66%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 05:08
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in HAB Memory Management

Memory corruption in HAB Memory management due to broad system privileges via physical address.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6145psa6155p_firmwaresa6150p_firmwaresa8145p_firmwareqca6696_firmwaresa8145pqca6696qam8295psa9000psa8150psa6150pqca6574ausa8155psa6145p_firmwaresa8155p_firmwareqam8295p_firmwaresa8195psa8540p_firmwaresa9000p_firmwaresa8150p_firmwareqca6574au_firmwaresa8195p_firmwaresa6155psa8540psa8295p_firmwaresa8295pSnapdragonsa6145p_firmwaresa6155p_firmwaresa8155p_firmwaresa6150p_firmwareqam8295p_firmwaresa8145p_firmwaresa8540p_firmwareqca6696_firmwaresa9000p_firmwareqca6574au_firmwaresa8150p_firmwaresa8195p_firmwaresa8295p_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-21488
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 8.62%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2021-34401
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.04%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 18:05
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_experienceSHIELD TV
CWE ID-CWE-284
Improper Access Control
CVE-2022-45112
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.56%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC software
CWE ID-CWE-284
Improper Access Control
CVE-2022-41690
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.08% / 22.55%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-retail_edge_programIntel(R) Retail Edge Mobile iOS application
CWE ID-CWE-284
Improper Access Control
CVE-2022-40972
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-24 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Windows
CWE ID-CWE-284
Improper Access Control
CVE-2022-40529
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 9.41%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in Kernel

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresnapdragon_850_mobile_compute_platform_firmwaresm7325-ae_firmwaresa6150p_firmwaresm6250p_firmwareqcs610sc8180x-ab_firmwareqca6431_firmwareqam8775pwcn3950_firmwaresc8180x\+sdx55sa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155qca6335sdm712sdm670sm8350csra6620_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwareqam8295pwcn3950sm4125sd_8_gen1_5g_firmwaresm6375_firmwaresm7150-acqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwaresa6155_firmwaresm6225-adqca6420snapdragon_xr2\+_gen_1_platformsnapdragon_auto_5g_modem-rf_firmwaresc8180xp-afsmart_audio_400_platform_firmwarewcn3999sm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsc8180xp-aa_firmwareqcs6125sa4155p_firmwaresa8155_firmwarerobotics_rb3_platform_firmwaresd662_firmwaresm7250-ab_firmwareqca6430robotics_rb3_platformwcd9340sw5100qca6436sa6155pqca6698aq_firmwarewcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255pqca6431qca6696_firmwaresc8180xp-ab_firmwarewcd9371sc8180x-abqca6797aqwcn3910_firmwaresm4350_firmwaresd_8cxsa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresm6125_firmwaresa8295p_firmwaresnapdragon_675_mobile_platform_firmwaresm6375wcn3991wcd9380_firmwaressg2125psw5100psnapdragon_w5\+_gen_1_wearable_platformqca6564ausd670_firmwareqca6574snapdragon_7c\+_gen_3_computewcd9380sc8180xp-aaqcs410sm7150-aa_firmwaresxr1230pc-v2x_9150_firmwaresc8180xp-ad_firmwaresc8180x-ac_firmwareqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcm4325_firmwarewcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qcs8250qca6426_firmwaresm4450qca9984sc8180x-adwcn3980_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresc7180-ac_firmwaresa8295psm7150-aasm6350sm8475_firmwarewcn6740_firmwareqca6421_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformar8031_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresm6350_firmwareqca6797aq_firmwarewcn785x-1_firmwaresdm710sd670qca6564a_firmwareqcm4290_firmwarewsa8832sc8180xp-ac_firmwaresw5100p_firmwaresa8540pqcs610_firmwareqsm8250sa6145par8031qcs4490qca6595_firmwaresa8145psc8280xp-bbqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psd675ssg2115p_firmwareqcs8155_firmwareqam8255psa4155par8035_firmwareqcm2290qsm8250_firmwarewcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresa8145p_firmwaresm6125sdm712_firmwaresnapdragon_850_mobile_compute_platformqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresc8280xp-bb_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwaresc7180-acqca6390_firmwaresnapdragon_auto_4g_modem_firmwaresd730_firmwarewcd9370sd675_firmwaressg2115pqca6564qca6426sc8280xp-abwcn3990_firmwareqrb5165n_firmwareqca9984_firmwaresm8450sm8250-absd_8cx_firmwarewcd9385_firmwarewcd9326_firmwaresd662qam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemsa9000p_firmwaresdx55_firmwareqca6595ausm7325-af_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwaresm4350-acqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa6155p_firmwareqca6310qcs8155sm6225qcs6490qcs8550_firmwaresm8250_firmwarevision_intelligence_300_platform_firmwaresm8250-acwcn3988_firmwareqcn9074sa6145p_firmwareqca6421sm7250-aasm6250c-v2x_9150sa8195psxr1120sdm710_firmwarewsa8810_firmwaresm4375_firmwarevision_intelligence_400_platformsm8450_firmwaresc7180-adwcd9326wcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresg4150pqcm4490qca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresm7150-absc8180x-acqca6390wcd9375ar8035aqt1000sc8180x\+sdx55_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformsm8150wsa8815_firmwareqcm6490wsa8835_firmwaresm7350-absxr1120_firmwareqca6564asa4150psg4150p_firmwarewcn785x-1qcm6125_firmwareqcm4325qcm2290_firmwaresnapdragon_845_mobile_platformwcn3990sd_675sd865_5gqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresc7180-ad_firmwaresa8540p_firmwaresnapdragon_auto_5g_modem-rfsd_8_gen1_5gsm6250psc8180xp-acsxr2130ssg2125p_firmwareqca6574asmart_audio_400_platformwcn685x-5_firmwaresc8180x-afqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresa9000pqca6574_firmwaresm7250-absd855sm4125_firmwaresm7325p_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwarevision_intelligence_300_platformsd460qca6391sm8250-ab_firmwaresc8280xp-ab_firmwareaqt1000_firmwareqcm4490_firmwaresnapdragon_845_mobile_platform_firmwaresnapdragon_auto_4g_modemqcm4290qcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformwcn685x-5qcn9011sm6225_firmwaresc8180xp-af_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwareqcm6125wsa8810sm7250-aa_firmwaresc8180x-aa_firmwaresm7250-acsm8150-ac_firmwaresnapdragon_ar2_gen_1_platformsc8180x-aasm8350-acqca6564_firmwareqam8650p_firmwaresnapdragon_675_mobile_platformsc8180x-af_firmwarewcn6740qca6696qcs8550sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150psc8180xp-absc8180x-ad_firmwaresm7250psw5100_firmwareqcn9074_firmwareqcs410_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-39854
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.27%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2022-38786
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 24.85%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-30 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-battery_life_diagnostic_toolIntel Battery Life Diagnostic Tool software
CWE ID-CWE-284
Improper Access Control
CVE-2022-37341
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 9.93%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-07 Jan, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_controller_i225-lm_firmwareethernet_controller_i225-v_firmwareethernet_controller_i225-itethernet_adapter_complete_driverethernet_controller_i225-lmethernet_controller_i225-it_firmwareethernet_controller_i225-vIntel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmwareethernet_network_adapter_x710-t4lethernet_network_adapter_xl710-qda2_for_open_compute_projectethernet_network_adapter_e810-xxvda2ethernet_network_adapter_e810-2cqda2ethernet_network_adapter_e810-xxvda4ethernet_network_adapter_e810-xxvda2_for_ocp_3.0ethernet_network_adapter_x710-t4l_for_ocp_3.0ethernet_network_adapter_xl710-qda1_for_open_compute_project
CWE ID-CWE-284
Improper Access Control
CVE-2022-36864
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.05% / 15.54%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_emailSamsung Email
CWE ID-CWE-284
Improper Access Control
CVE-2022-36789
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.61%
||
7 Day CHG-0.07%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_10_performance_mini_pc_nuc10i7fnkpanuc_10_performance_kit_nuc10i7fnk_firmwarenuc_10_performance_mini_pc_nuc10i7fnhjanuc_10_performance_kit_nuc10i5fnhnnuc_10_performance_kit_nuc10i7fnhc_firmwarenuc_10_performance_kit_nuc10i3fnh_firmwarenuc_10_performance_kit_nuc10i5fnhjnuc_10_performance_kit_nuc10i7fnhnuc_10_performance_kit_nuc10i3fnhn_firmwarenuc_10_performance_mini_pc_nuc10i3fnhja_firmwarenuc_10_performance_kit_nuc10i3fnknnuc_10_performance_kit_nuc10i3fnk_firmwarenuc_10_performance_kit_nuc10i5fnhn_firmwarenuc_10_performance_mini_pc_nuc10i5fnhja_firmwarenuc_10_performance_mini_pc_nuc10i3fnhfanuc_10_performance_kit_nuc10i7fnhcnuc_10_performance_kit_nuc10i5fnkn_firmwarenuc_10_performance_kit_nuc10i3fnhnuc_10_performance_kit_nuc10i3fnhf_firmwarenuc_10_performance_mini_pc_nuc10i5fnhcanuc_10_performance_kit_nuc10i5fnknnuc_10_performance_kit_nuc10i7fnhn_firmwarenuc_10_performance_kit_nuc10i3fnhnnuc_10_performance_kit_nuc10i5fnhj_firmwarenuc_10_performance_kit_nuc10i3fnhfnuc_10_performance_mini_pc_nuc10i7fnhaanuc_10_performance_mini_pc_nuc10i7fnkpa_firmwarenuc_10_performance_kit_nuc10i5fnkpnuc_10_performance_kit_nuc10i7fnhnnuc_10_performance_mini_pc_nuc10i7fnhja_firmwarenuc_10_performance_kit_nuc10i5fnkp_firmwarenuc_10_performance_kit_nuc10i5fnhnuc_10_performance_mini_pc_nuc10i3fnhfa_firmwarenuc_10_performance_kit_nuc10i7fnknnuc_10_performance_kit_nuc10i5fnhfnuc_10_performance_mini_pc_nuc10i7fnhaa_firmwarenuc_10_performance_kit_nuc10i3fnkn_firmwarenuc_10_performance_kit_nuc10i7fnkn_firmwarenuc_10_performance_kit_nuc10i7fnkp_firmwarenuc_10_performance_kit_nuc10i5fnknuc_10_performance_kit_nuc10i5fnh_firmwarenuc_10_performance_kit_nuc10i7fnh_firmwarenuc_10_performance_kit_nuc10i7fnknuc_10_performance_mini_pc_nuc10i3fnhjanuc_10_performance_mini_pc_nuc10i5fnkpanuc_10_performance_kit_nuc10i7fnkpnuc_10_performance_mini_pc_nuc10i5fnhca_firmwarenuc_10_performance_kit_nuc10i5fnk_firmwarenuc_10_performance_mini_pc_nuc10i5fnhjanuc_10_performance_kit_nuc10i5fnhf_firmwarenuc_10_performance_kit_nuc10i3fnknuc_10_performance_mini_pc_nuc10i5fnkpa_firmwareIntel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs
CWE ID-CWE-284
Improper Access Control
CVE-2022-34457
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 13.97%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 11:38
Updated-03 Apr, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-37155
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.11%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 18:40
Updated-04 Dec, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-arubaos-cxHPE Aruba Networking AOS-CX
CWE ID-CWE-284
Improper Access Control
CVE-2021-42855
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 16:51
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to misconfigured write permission on .debug_command.config file

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.

Action-Not Available
Vendor-riverbedAternity
Product-steelcentral_appinternals_dynamic_sampling_agentSteelCentral AppInternals Dynamic Sampling Agent
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2016-10408
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.54%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core.

QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-9206_lte_modemsd820_firmwareapq8037_firmwaresd626_firmware9206_lte_modem_firmwaresd626apq8037sd820sd821sd821_firmwareSnapdragonsd626_firmware9206_lte_modem_firmwaresd820_firmwareapq8037_firmwaresd821_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2025-30100
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.43%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 01:10
Updated-14 Jan, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2025-27062
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.82%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:26
Updated-28 Nov, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Automotive Multimedia

Memory corruption while handling client exceptions, allowing unauthorized channel access.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380snapdragon_x12_lte_modem_firmwaresmart_audio_400_platform_firmware315_5g_iot_modem_firmwareqca6564qcs6490_firmwaresnapdragon_888_5g_mobile_platform_firmwaresdx55qca6688aqsnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8650psa6155pqamsrv1m_firmwarewcn3680bsnapdragon_720g_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaremdm9650snapdragon_8\+_gen_2_mobile_platformsnapdragon_820_automotive_platform_firmwareqcs8550sdx61snapdragon_8_gen_2_mobile_platform_firmwaresm7325p_firmwaresrv1l_firmwareqam8255p_firmwaresdx61_firmwaresa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformqamsrv1h_firmwarewcd9341_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcd9360_firmwareqam8295psm7675wcd9385_firmwareqcm6490_firmwaresnapdragon_x62_5g_modem-rf_systemsa7255p_firmwareqca6391sa8295p_firmwareqca6584au_firmwaresnapdragon_480_5g_mobile_platformqcs6490snapdragon_x62_5g_modem-rf_system_firmwarewsa8810sm8635p_firmwaresm8650q_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwareqcs610qcn9024sm7315wsa8815srv1hvideo_collaboration_vc5_platformsnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwaresg4150pvideo_collaboration_vc5_platform_firmwaresm8550p_firmwarevideo_collaboration_vc3_platform_firmwareqca6574au_firmwaresm6370wcd9378snapdragon_662_mobile_platform_firmwareqca6595au_firmwaresnapdragon_460_mobile_platformsnapdragon_8_gen_2_mobile_platformwcn3680b_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwareqcs8250_firmwarecsra6620wcn3980qca6584ausm6650p_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)sm7635p_firmwaresa8150pqcs610_firmwaresm6650psnapdragon_660_mobile_platformqca6797aqsa8145p_firmwareqam8650p_firmwareqca6564asnapdragon_x12_lte_modemsmart_audio_400_platformsa8155pqcm6125sw5100_firmwarewcd9385qcs410wcd9380_firmwareqcn6024qca9377_firmwaresnapdragon_680_4g_mobile_platformqca6574aqca6564_firmwarewsa8845_firmwarewcd9341sa7255pqcs8155_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwarefastconnect_6200sd888qca8337_firmwarewcn3988_firmwarecsra6640_firmwareqca6698aqwsa8832snapdragon_660_mobile_platform_firmwareqsm8350_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)wcd9370sm7675pqca8081_firmwareqca6698aq_firmwarecsra6640apq8064au_firmwareqca6574a_firmwarewsa8832_firmwaresa8650psw5100psa4150psa2150p_firmwareqca6678aq_firmwareqsm8350snapdragon_680_4g_mobile_platform_firmwaresm8550pwcd9378_firmwaresm6650sm7315_firmwaresa8145pwsa8845h_firmwarewcd9395_firmwareapq8064aufastconnect_6900_firmwareqca6678aqsa8195psa9000pwsa8835_firmwaresnapdragon_4_gen_1_mobile_platformsa8295psnapdragon_888_5g_mobile_platformwcd9390ar8035sa8775p_firmwaresdx55_firmwaresm7675p_firmwareqam8775pwcn3988qca6696_firmwaresd660_firmwareqca6797aq_firmwareqcs8250qca6564au_firmwaresa8650p_firmwaresm7675_firmwaresnapdragon_780g_5g_mobile_platformsrv1mcsra6620_firmwarewcd9395snapdragon_662_mobile_platformqcs410_firmwarewcn6755_firmwarewsa8810_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewcn6650wcd9360sd660qcm4325wsa8840snapdragon_778g_5g_mobile_platformqca9377wsa8840_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarefastconnect_6700_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)sa8155_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)_firmwarefastconnect_6700qca6696wcn3950_firmwarewcn3980_firmwareqcs8550_firmwarewsa8845hsa4155p_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_720g_mobile_platform_firmwaresm7635psa2150pqam8295p_firmwaresm7635_firmwaresm7325pqcn6024_firmwarewcd9370_firmwarewcn3660bar8035_firmwaresrv1lwsa8845msm8996ausnapdragon_695_5g_mobile_platform_firmwaresa8155qamsrv1hqca6574qcm6125_firmwarewcn6740_firmwaresa6150p_firmwaresa8255p_firmwaresg4150p_firmwareqcs7230_firmwaresa6155snapdragon_782g_mobile_platform_\(sm7325-af\)snapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwarefastconnect_7800_firmwareqcs8155sa7775psnapdragon_820_automotive_platformvideo_collaboration_vc1_platformsa8620p_firmwareqcs7230snapdragon_695_5g_mobile_platformsnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)sa8770psrv1m_firmwarewcd9375qca6574_firmwaresa8620psnapdragon_auto_5g_modem-rfsa6145p_firmwaresm6370_firmwareqca6595_firmwareqam8775p_firmwareqca6391_firmwarewcn6755sa8195p_firmwaresnapdragon_x65_5g_modem-rf_systemwcn6740sm7635qca8081snapdragon_8_gen_3_mobile_platformqca6688aq_firmwareqcm4325_firmwarewcd9335_firmwaresd888_firmwaresm8635sw5100p_firmwaresa6155_firmwaresa7775p_firmwarewcd9335sa8775pwsa8815_firmwaresa9000p_firmwarewcn6650_firmwarewcd9390_firmwaremsm8996au_firmwarefastconnect_6900qam8255pvideo_collaboration_vc3_platformfastconnect_6200_firmwarewsa8835wcd9375_firmwarewcn3660b_firmwareqca6564ausa6150pqam8620pqca6595ausnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwareqcn9024_firmwaresa6155p_firmwaremdm9650_firmwarec-v2x_9150qamsrv1msa4155pwcn3950srv1h_firmwaresm6650_firmwarefastconnect_7800sa6145psm8635psm8650qsnapdragon_8_gen_3_mobile_platform_firmwareqca6174a_firmwareqca6564a_firmwareqca6174asnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwareqca8337sw5100wcn3990_firmwareqam8620p_firmware315_5g_iot_modemwcn3990wsa8830qca6574auwsa8830_firmwaresa8155p_firmwaresa8770p_firmwareqcm6490c-v2x_9150_firmwareqca6595sa8255psm8635_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2025-27689
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.96%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 20:36
Updated-13 Jan, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-idrac_toolsiDRAC Tools
CWE ID-CWE-284
Improper Access Control
CVE-2025-24916
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 1.36%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 15:46
Updated-23 Oct, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control leads to Local Priviledge Escalation

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

Action-Not Available
Vendor-Tenable, Inc.Microsoft Corporation
Product-nessus_network_monitorwindowsNetwork Monitor
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found