Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-20563

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-14 Nov, 2023 | 18:54
Updated At-22 Oct, 2024 | 13:44
Rejected At-
Credits

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:14 Nov, 2023 | 18:54
Updated At:22 Oct, 2024 | 13:44
Rejected At:
▼CVE Numbering Authority (CNA)

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 7000 Series Desktop Processors “Raphael” XD3
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8
Package Name
PI
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ Embedded R1000
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ Embedded R2000
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ Embedded 5000
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ Embedded V3000
Default Status
unaffected
Versions
Affected
  • various
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
vendor-advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
Resource:
vendor-advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
vendor-advisory
x_transferred
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
vendor-advisory
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
Resource:
vendor-advisory
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_5000_series_desktop_processors_with_radeon_graphics
CPEs
  • cpe:2.3:h:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • ComboAM4V2 1.2.0.B *(2023-08-25)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_7000_series_desktop_processors
CPEs
  • cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • ComboAM5 1.0.7.0 (2023-04-18)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_5000_series_mobile_processors_with_radeon_graphics
CPEs
  • cpe:2.3:h:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • CezannePI-FP6 1.0.0.F (2023-06-20)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_6000_series_processors_with_radeon_graphics
CPEs
  • cpe:2.3:h:amd:ryzen_6000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • RembrandtPI-FP7 1.0.0.9 (2023-05-16)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_7035_series_processors_with_radeon_graphics
CPEs
  • cpe:2.3:h:amd:ryzen_7035_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • RembrandtPI-FP7 1.0.0.9 (2023-05-16)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_5000_series_processors_with_radeon_graphics
CPEs
  • cpe:2.3:h:amd:ryzen_5000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • CezannePI-FP6 1.0.0.F (2023-06-20)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_7030_series_mobile_processors_with_radeon_graphics
CPEs
  • cpe:2.3:h:amd:ryzen_7030_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • CezannePI-FP6 1.0.0.F (2023-06-20)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_7040_series_mobile_processors_with_radeon_graphics
CPEs
  • cpe:2.3:h:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • PhoenixPI-FP8-FP7 PI 1.0.0.1g (2023-05-11)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_embedded_r1000
CPEs
  • cpe:2.3:h:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • EmbeddedPI-FP5 1.2.0.A (2023-07-31)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_embedded_r2000
CPEs
  • cpe:2.3:h:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • EmbeddedPI-FP5 1.0.0.2 (2023-07-31)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_embedded_5000
CPEs
  • cpe:2.3:h:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • EmbAM4PI 1.0.0.3 (2023-07-31)
Vendor
Advanced Micro Devices, Inc.amd
Product
ryzen_embedded_v3000
CPEs
  • cpe:2.3:h:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • EmbeddedPI-FP7r2 1.0.0.6 (2023-09-15)
Problem Types
TypeCWE IDDescription
CWECWE-noinfoCWE-noinfo Not enough information
Type: CWE
CWE ID: CWE-noinfo
Description: CWE-noinfo Not enough information
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:14 Nov, 2023 | 19:15
Updated At:22 Oct, 2024 | 14:35

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5100>>-
cpe:2.3:h:amd:ryzen_3_5100:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5100_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_3_5100_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5300g>>-
cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5300g_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_3_5300g_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5300ge>>-
cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5300ge_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_3_5300ge_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_5500>>-
cpe:2.3:h:amd:ryzen_5_5500:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_5500_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_5_5500_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_5600g>>-
cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_5600g_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_5_5600g_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_5600ge>>-
cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_5600ge_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_5_5600ge_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_5700>>-
cpe:2.3:h:amd:ryzen_7_5700:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_5700_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_7_5700_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_5700g>>-
cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_5700g_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_7_5700g_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_5700ge_firmware>>Versions before comboam4v2_1.2.0.b(exclusive)
cpe:2.3:o:amd:ryzen_7_5700ge_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_5700ge>>-
cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_7500f_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_5_7500f_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_7500f>>-
cpe:2.3:h:amd:ryzen_5_7500f:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_7600_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_5_7600_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_7600>>-
cpe:2.3:h:amd:ryzen_5_7600:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_7600x_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_5_7600x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5_7600x>>-
cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_7700_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_7_7700_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_7700>>-
cpe:2.3:h:amd:ryzen_7_7700:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_7700x_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_7_7700x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_7700x>>-
cpe:2.3:h:amd:ryzen_7_7700x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_7800x3d_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_7_7800x3d_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_7_7800x3d>>-
cpe:2.3:h:amd:ryzen_7_7800x3d:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7900_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_9_7900_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7900>>-
cpe:2.3:h:amd:ryzen_9_7900:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7900x_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_9_7900x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7900x>>-
cpe:2.3:h:amd:ryzen_9_7900x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7900x3d_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_9_7900x3d_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7900x3d>>-
cpe:2.3:h:amd:ryzen_9_7900x3d:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7950x_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_9_7950x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7950x>>-
cpe:2.3:h:amd:ryzen_9_7950x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7950x3d_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_9_7950x3d_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_9_7950x3d>>-
cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_3900_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_pro_3900_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_3900>>-
cpe:2.3:h:amd:ryzen_pro_3900:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_7645_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_pro_7645_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_7645>>-
cpe:2.3:h:amd:ryzen_pro_7645:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_7745_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_pro_7745_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_7745>>-
cpe:2.3:h:amd:ryzen_pro_7745:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_7945_firmware>>Versions before comboam5_1.0.7.0(exclusive)
cpe:2.3:o:amd:ryzen_pro_7945_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_pro_7945>>-
cpe:2.3:h:amd:ryzen_pro_7945:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5125c_firmware>>Versions before cezannepi-fp6_1.0.0.f(exclusive)
cpe:2.3:o:amd:ryzen_3_5125c_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3_5125c>>-
cpe:2.3:h:amd:ryzen_3_5125c:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002psirt@amd.com
Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001psirt@amd.com
N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
Source: psirt@amd.com
Resource:
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
Source: psirt@amd.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

728Records found
CVE-2021-26331
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:09
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7451epyc_7252_firmwareepyc_7282_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7351p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7401pepyc_7281_firmwareepyc_7413_firmwareepyc_7302epyc_7601epyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7001epyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7001_firmwareepyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7281epyc_7551epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7401p_firmwareepyc_7002_firmwareepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7401epyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7301_firmwareepyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™1st Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26392
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-16 Sep, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xradeon_pro_w5500xamd_3020e_firmwareryzen_5_3580uradeon_rx_vega_64ryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3250cradeon_rx_6600ryzen_3_3100_firmwareamd_3015eryzen_9_3900xradeon_rx_5300ryzen_9_5900x_firmwareryzen_5_pro_3350ge_firmwareradeon_rx_vega_56ryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_5_3600xt_firmwareryzen_3_5300geryzen_3_2300uryzen_5_3600x_firmwareryzen_7_3750h_firmwareradeon_rx_6700sryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xradeon_rx_5700mamd_3020eryzen_threadripper_pro_3975wxathlon_pro_3145bryzen_5_5560uryzen_3_2200g_firmwareradeon_rx_5700ryzen_threadripper_pro_5945wxryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_5_2500u_firmwareradeon_rx_5700_xtryzen_3_3100ryzen_3_pro_3200gryzen_7_3750hradeon_rx_5500mryzen_7_5700u_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_3200gryzen_7_3780uryzen_9_5900hsryzen_3_2200uradeon_rx_6500_xtryzen_3_3250c_firmwareradeon_rx_6950_xtryzen_7_5700gryzen_9_5980hsryzen_5_2400geryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xenterprise_driverradeon_pro_softwareryzen_5_2600hryzen_5_3500uradeon_rx_5600mryzen_5_5500ryzen_7_2700uryzen_3_5400uradeon_softwareathlon_pro_3045bryzen_7_2800hryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hradeon_rx_6700ryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900radeon_rx_6400radeon_rx_6800athlon_silver_3050c_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_3_5300gryzen_9_5900ryzen_5_pro_3350gryzen_5_5600ge_firmwareryzen_9_5980hs_firmwareryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_3400g_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_3_3350u_firmwareradeon_pro_w6800xradeon_rx_5600_xtryzen_threadripper_pro_5955wxryzen_5_5500uryzen_3_5400u_firmwareryzen_5_5600h_firmwareathlon_silver_3050cryzen_7_5800ryzen_3_3300u_firmwareradeon_rx_6600sryzen_7_3800xryzen_5_2400ge_firmwareryzen_5_2400gradeon_rx_6800sryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_3_2200geryzen_5_3500cryzen_3_3300x_firmwareryzen_5_5600hryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_3_5300u_firmwareryzen_3_3300uryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareradeon_rx_6900_xtryzen_5_5600gryzen_5_3600xtryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareradeon_pro_w6400ryzen_5_5600uryzen_threadripper_pro_5975wxathlon_pro_3045b_firmwareryzen_3_2300u_firmwareradeon_rx_5500radeon_pro_w5700ryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareryzen_5_5600geradeon_rx_5300_xtryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_7_2700u_firmwareryzen_5_pro_3400gryzen_7_5700geryzen_5_3450uradeon_rx_6850m_xtryzen_3_2200ge_firmwareradeon_rx_6600_xtradeon_rx_6650_xtryzen_7_3800x_firmwareathlon_pro_3145b_firmwareryzen_7_2800h_firmwareryzen_5_pro_3350geradeon_pro_w6600mryzen_7_5700uradeon_pro_w6600xryzen_threadripper_pro_3945wx_firmwareamd_3015ce_firmwareryzen_9_5900hs_firmwareradeon_pro_w6600ryzen_5_5600u_firmwareryzen_5_3600xryzen_3_3200g_firmwareradeon_rx_6800_xtryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_9_3950x_firmwareradeon_pro_w6900xryzen_threadripper_pro_3995wxradeon_rx_5300mradeon_pro_w6800radeon_rx_6600mradeon_pro_w5700xryzen_7_3700c_firmwareradeon_rx_6750_xtryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_threadripper_pro_3955wxradeon_rx_5500_xtryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_3700uathlon_silver_3050uryzen_3_3350uryzen_5_3500_firmwareryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareradeon_rx_6300mamd_3015ceryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareradeon_rx_6800mryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxradeon_rx_vega_56_firmwareradeon_rx_vega_64_firmwareryzen_7_5800uryzen_9_5900hxradeon_pro_w6800x_duoradeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6700_xtryzen_5_5600g_firmwareathlon_gold_3150cradeon_rx_6700mryzen_3_3250uryzen_5_2400g_firmwareathlon_gold_3150u_firmwareradeon_pro_w5500ryzen_5_pro_3400geryzen_9_3950xradeon_rx_5600ryzen_5_5600ryzen_threadripper_3970xryzen_5_3500ryzen_7_5800hradeon_pro_w6500mryzen_5_3450u_firmwareamd_3015e_firmwareryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_5_pro_3400ge_firmwareryzen_7_5800hs_firmwareryzen_threadripper_pro_5995wx_firmwareradeon_pro_w6300mradeon_rx_6500mryzen_7_5700ge_firmwareryzen_7_5700xAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Ryzen™ Embedded V2000AMD Ryzen™Embedded V3000AMD Ryzen™ Embedded V1000AMD Ryzen™ Embedded 5000AMD Radeon RX 6000 Series & PRO W6000 SeriesAMD Ryzen™ Embedded R2000AMD Ryzen™ Embedded R1000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26316
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.09%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 19:46
Updated-09 Apr, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7543epyc_7402athlon_silver_3050u_firmwareathlon_silver_3050e_firmwareathlon_3150g_firmwareepyc_7f32epyc_7713pepyc_7443epyc_7513ryzen_9_5900x_firmwareathlon_silver_pro_3125ge_firmwareryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxepyc_7453ryzen_3_5300geryzen_3_2300uryzen_5_5600hsathlon_gold_pro_3150gryzen_7_5825uryzen_7_5825u_firmwareepyc_7542athlon_silver_pro_3125geepyc_7413_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_2950xryzen_threadripper_pro_3975wxathlon_pro_3145bepyc_7002epyc_7643_firmwareryzen_3_2200g_firmwareepyc_7f52ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareepyc_7f32_firmwareathlon_silver_3050geepyc_75f3_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_2200uryzen_7_5700gryzen_threadripper_2920xryzen_5_2400geryzen_7_5825c_firmwareepyc_7573x_firmwareryzen_5_2600ryzen_7_2700x_firmwareryzen_5_2600hryzen_5_pro_2500uryzen_5_5500ryzen_3_5400uathlon_gold_pro_3150geepyc_7713ryzen_5_5600_firmwareepyc_7003athlon_gold_3150geryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_5800x3dryzen_5_5600ge_firmwareryzen_7_2700_firmwareathlon_3150ge_firmwareryzen_5_2700xryzen_5_5600h_firmwareryzen_5_2600_firmwareryzen_7_5800ryzen_5_2400ge_firmwareryzen_5_2400gryzen_3_pro_2300u_firmwareryzen_9_5950xryzen_pro_5650ge_firmwareryzen_5_5500_firmwareepyc_7743ryzen_3_2200geepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareryzen_5_pro_2500u_firmwareryzen_threadripper_pro_5945wx_firmwareepyc_7313p_firmwareepyc_7252epyc_7502pryzen_5_5600uathlon_pro_3045b_firmwareryzen_5_5600geryzen_7_2700u_firmwareryzen_pro_2400geryzen_7_2800h_firmwareryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareepyc_72f3_firmwareepyc_7662epyc_7642ryzen_threadripper_pro_5975wx_firmwareryzen_pro_5350ge_firmwareepyc_7502p_firmwareepyc_7413ryzen_7_2700xryzen_pro_2400g_firmwareepyc_7313ryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxepyc_7302pryzen_pro_2400gepyc_74f3_firmwareathlon_silver_3050uryzen_3_5425uepyc_7763ryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareryzen_7_5825cryzen_7_5800uryzen_pro_5650gryzen_5_5600g_firmwareryzen_5_2400g_firmwareryzen_7_pro_2700u_firmwareepyc_7402p_firmwareryzen_threadripper_2990wxryzen_5_5600ryzen_3_5425c_firmwareryzen_7_5800hepyc_7543pepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareathlon_gold_3150ge_firmwareryzen_pro_5750gryzen_7_5700uryzen_7_5700ge_firmwareathlon_3150geathlon_gold_pro_3150ge_firmwareepyc_7502_firmwareryzen_5_2700x_firmwareepyc_7262_firmwareepyc_7282_firmwareepyc_7272_firmwareepyc_7573xryzen_threadripper_2950x_firmwareepyc_7232p_firmwareepyc_7702ryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_pro_5750geepyc_7373xepyc_7513_firmwareryzen_pro_5650geryzen_5_5700geepyc_7h12_firmwareryzen_5_5560uepyc_75f3ryzen_pro_5650g_firmwareepyc_7743_firmwareepyc_7f72_firmwareepyc_7662_firmwareepyc_7502ryzen_7_5700u_firmwareepyc_7343_firmwareryzen_9_5900hsepyc_7313pepyc_7002_firmwareathlon_silver_3050ge_firmwareryzen_9_5980hsryzen_3_5125c_firmwareryzen_5_5500u_firmwareryzen_7_2700ryzen_7_5800h_firmwareryzen_pro_5750g_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_5_5625c_firmwareepyc_7352ryzen_5_5625cryzen_pro_5350gepyc_7713_firmwareepyc_7742epyc_7272ryzen_7_2700uathlon_pro_3045bepyc_7003_firmwareepyc_7443p_firmwareryzen_7_2800hryzen_7_5800xathlon_3150gepyc_7773xathlon_silver_3050c_firmwareryzen_5_2600x_firmwareryzen_3_5300gryzen_9_5900ryzen_pro_2200ge_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_threadripper_pro_5955wxryzen_pro_2200gryzen_5_5500uryzen_3_5400u_firmwareryzen_pro_2400ge_firmwareepyc_7742_firmwareathlon_silver_3050cryzen_threadripper_pro_3795wxathlon_3050ge_firmwareryzen_pro_5350g_firmwareryzen_threadripper_2990wx_firmwareryzen_7_pro_2700uryzen_5_5600hryzen_3_5300u_firmwareepyc_7763_firmwareryzen_3_5300uryzen_3_5425cryzen_5_5600gryzen_3_5425u_firmwareathlon_3050geryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7h12epyc_7452ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_3_5300ge_firmwareryzen_5_2600xryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_7_5700geepyc_7302athlon_pro_3145b_firmwareryzen_3_2200ge_firmwareryzen_3_5125cryzen_pro_5750ge_firmwareepyc_7232pryzen_5_5700gepyc_7663ryzen_5_5600u_firmwareepyc_7552_firmwareepyc_7773x_firmwareepyc_7f72ryzen_7_5700g_firmwareryzen_threadripper_2970wx_firmwareryzen_pro_2200geepyc_7532_firmwareryzen_threadripper_pro_3995wxryzen_5_5700g_firmwareryzen_pro_5350geryzen_3_5300g_firmwareryzen_7_5800u_firmwareepyc_7552epyc_7702p_firmwareryzen_5_5700ge_firmwareepyc_7302_firmwareryzen_5_5560u_firmwareepyc_73f3_firmwareepyc_7702pepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_pro_2200g_firmwareryzen_9_5900hxathlon_gold_pro_3150g_firmwareathlon_gold_3150cepyc_72f3epyc_7643athlon_gold_3150u_firmwareepyc_7452_firmwareepyc_7313_firmwareryzen_3_pro_2300uepyc_7443pryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_5_5625u_firmwareryzen_7_5700xepyc_73f31st Gen EPYC 3rd Gen EPYCRyzen 5000 Series Ryzen 3000 SeriesRyzen 2000 Series2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2024-21938
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.97%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:14
Updated-18 Dec, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-management_plugin_for_sccmAMD Management Plug-In for SCCMmanagement_plugin_for_sccm
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-20589
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.95%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:04
Updated-13 Nov, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fTPM Voltage Fault Injection

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xathlon_gold_pro_3150ge_firmwareryzen_5_6600h_firmwareryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3200geryzen_5_pro_5645ryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_7_7735hs_firmwareryzen_9_3900xryzen_5_pro_3350ge_firmwareryzen_9_5900x_firmwareryzen_7_4700geryzen_9_6900hx_firmwareathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_pro_7730uryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareathlon_pro_300geryzen_5_5600xryzen_9_5900_firmwareryzen_3_pro_7330uryzen_threadripper_pro_5995wxryzen_5_4600g_firmwareryzen_5_3600xt_firmwareryzen_3_5300geryzen_5_5600hsathlon_gold_pro_3150gryzen_3_4100_firmwareryzen_7_5825uryzen_7_5825u_firmwareryzen_5_3600x_firmwareryzen_7_4700gryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_5_6600hryzen_threadripper_3960xryzen_threadripper_2950xryzen_9_6980hxryzen_threadripper_pro_3975wxathlon_pro_3145bryzen_5_5560uryzen_threadripper_pro_5945wxryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_3_4300g_firmwareryzen_3_pro_3200gryzen_3_3100ryzen_7_5700u_firmwareryzen_5_6600hsryzen_3_3200gathlon_silver_3050eryzen_7_pro_5845ryzen_9_5900hsryzen_3_4100ryzen_7_5700gryzen_threadripper_2920xryzen_9_5980hsryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_3_5125c_firmwareryzen_9_6900hxryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_9_6900hsryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xryzen_5_5500ryzen_3_5400uryzen_5_4600geathlon_pro_3045bathlon_gold_pro_3150geryzen_5_5600_firmwareryzen_7_5800xryzen_9_pro_5945ryzen_threadripper_3990x_firmwareryzen_9_3900athlon_gold_3150geathlon_silver_3050c_firmwareryzen_5_5600x_firmwareryzen_5_pro_3350gryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_9_5900ryzen_3_5300gryzen_5_5600ge_firmwareryzen_9_5980hs_firmwareryzen_7_6800h_firmwareryzen_threadripper_3990xryzen_7_6800u_firmwareryzen_5_5600hs_firmwareryzen_5_3400g_firmwareryzen_3_7320uryzen_5_pro_7530uathlon_gold_3150uryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_5_7520uryzen_3_4300geryzen_7_5700ryzen_5_5500uryzen_3_5400u_firmwareryzen_9_6900hs_firmwareathlon_silver_3050cryzen_7_5800ryzen_7_6800hs_firmwareryzen_7_3800xathlon_gold_3150g_firmwareryzen_5_7535uryzen_7_7735uryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_3_5300u_firmwareryzen_5_7535u_firmwareryzen_7_6800uryzen_7_7736uryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareryzen_5_5600gryzen_5_3600xtryzen_3_5425u_firmwareryzen_7_7735hsryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_5600uryzen_threadripper_pro_5975wxathlon_pro_3045b_firmwareryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareryzen_5_5600x3d_firmwareryzen_5_5600geryzen_threadripper_2970wx4700sryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_5_pro_3400gryzen_threadripper_2920x_firmwareryzen_7_5700geryzen_9_6980hs_firmwareryzen_3_4300gathlon_pro_3145b_firmwareryzen_3_5125cryzen_7_3800x_firmwareryzen_5_pro_3350ge4700s_firmwareryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_7_pro_5845_firmwareryzen_7_4700g_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_5600x3dryzen_5_3600xathlon_pro_300ge_firmwareryzen_3_3200g_firmwareryzen_5_6600u_firmwareryzen_3_7335uryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_7_5700_firmwareryzen_threadripper_2970wx_firmwareryzen_5_7535hs_firmwareryzen_9_3950x_firmwareryzen_9_pro_5945_firmwareryzen_5_7520u_firmwareryzen_threadripper_pro_3995wxryzen_5_7535hsathlon_gold_3150gryzen_5_4500_firmwareryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_7_4700ge_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_7_7736u_firmwareryzen_9_3900x_firmwareryzen_3_7320u_firmwareryzen_5_6600hs_firmwareryzen_3_pro_7330u_firmwareryzen_5_pro_5645_firmwareathlon_silver_3050uryzen_3_5425uryzen_5_3500_firmwareryzen_5_4600gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareryzen_3_5100_firmwareryzen_5_5560u_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_5965wxryzen_7_5800uryzen_9_5900hxathlon_gold_pro_3150g_firmwareathlon_gold_3150cryzen_5_5600g_firmwareryzen_5_pro_3400geathlon_gold_3150u_firmwareryzen_9_3950xryzen_3_4300ge_firmwareryzen_3_3200ge_firmwareryzen_threadripper_3970xryzen_5_5600ryzen_3_5100ryzen_threadripper_2990wxryzen_5_3500ryzen_7_5800hryzen_7_pro_7730u_firmwareryzen_threadripper_pro_3945wxryzen_5_pro_3400ge_firmwareryzen_5_3600ryzen_threadripper_3970x_firmwareryzen_5_4600ge_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_7_5800hs_firmwareathlon_gold_3150ge_firmwareryzen_5_pro_7530u_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700uryzen_7_5700ge_firmwareryzen_7_5700xryzen_9_6980hsryzen_7_6800hryzen_5_4500Ryzen™ PRO 3000 Series Desktop ProcessorsRyzen™ 7035 Series Processors with Radeon™ Graphics Ryzen™ Threadripper™ 5000 Series ProcessorsAthlon™ 3000 Series Mobile Processors with Radeon™ GraphicsRyzen™ PRO 7030 Series ProcessorsRyzen™ Threadripper™ 2000 Series Processors Ryzen™ 4000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 5000 Series Desktop ProcessorsRyzen™ 3000 Series Desktop ProcessorsRyzen™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAthlon™ 3000 Series Processors with Radeon™ Graphics Ryzen™ PRO 5000 Series ProcessorsRyzen™ 3000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 6000 Series ProcessorsRyzen™ 5000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 4000 Series Desktop ProcessorsRyzen™ 7020 Series Processors with Radeon™ GraphicsRyzen™ Threadripper™ 3000 Series ProcessorsAthlon™ PRO 3000 Series Processors with Radeon™ Vega GraphicsRyzen™ 5000 Series Processors with Radeon™ GraphicsRyzen™ 7030 Series Processors with Radeon™ GraphicsRyzen™ 6000 Series Processors with Radeon™ GraphicsRyzen™ 5000 Series Desktop Processors
CVE-2023-20510
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 5.27%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:52
Updated-12 Dec, 2024 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_rx_6750_xtradeon_rx_6950_xtradeon_rx_6600radeon_rx_6900_xtradeon_pro_w6400radeon_rx_6450mradeon_rx_6300mradeon_rx_6800mradeon_softwareradeon_rx_6550mradeon_rx_6750_greradeon_rx_6700radeon_rx_6700sradeon_rx_6600_xtradeon_rx_6400radeon_rx_6650_xtradeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6700_xtradeon_rx_6700mradeon_rx_6800radeon_rx_6850m_xtradeon_pro_w6300radeon_pro_w6600radeon_pro_w6800radeon_rx_6800_xtradeon_rx_6600sradeon_rx_6800sradeon_rx_6500mradeon_rx_6500_xtradeon_rx_6600mradeon_rx_6550sAMD Radeon™ PRO W6000 Series Graphics CardsAMD Radeon™ RX 6000 Series Graphics Cards
CVE-2024-21966
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 2.91%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 19:56
Updated-11 Feb, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ Master Utility
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20584
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.66%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:53
Updated-12 Dec, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_9254_firmwareepyc_9354pepyc_7573xepyc_7713pepyc_7443epyc_9684x_firmwareepyc_7513epyc_7643pepyc_9534epyc_7203_firmwareepyc_7453epyc_7373xepyc_8224pepyc_7513_firmwareepyc_9334_firmwareepyc_8124pn_firmwareepyc_9454p_firmwareepyc_9454epyc_8024pn_firmwareepyc_7303p_firmwareepyc_9534_firmwareepyc_7413_firmwareepyc_9754_firmwareepyc_9384x_firmwareepyc_8024pnepyc_7643_firmwareepyc_9274f_firmwareepyc_75f3epyc_7373x_firmwareepyc_75f3_firmwareepyc_9184x_firmwareepyc_7473x_firmwareepyc_7343_firmwareepyc_8024pepyc_9754s_firmwareepyc_8434pepyc_9634_firmwareepyc_8434p_firmwareepyc_7643p_firmwareepyc_9174f_firmwareepyc_7313pepyc_9124_firmwareepyc_7573x_firmwareepyc_7303pepyc_8224pnepyc_7713_firmwareepyc_9254epyc_7203p_firmwareepyc_7713epyc_9474f_firmwareepyc_7443p_firmwareepyc_7773xepyc_8124pepyc_8324pn_firmwareepyc_9634epyc_9554p_firmwareepyc_8324p_firmwareepyc_8024p_firmwareepyc_8124p_firmwareepyc_7663pepyc_7443_firmwareepyc_7343epyc_7543_firmwareepyc_7763_firmwareepyc_9274fepyc_8534p_firmwareepyc_9734epyc_9454pepyc_9734_firmwareepyc_8124pnepyc_7313p_firmwareepyc_9124epyc_7663p_firmwareepyc_9354epyc_7543p_firmwareepyc_9374f_firmwareepyc_9554_firmwareepyc_8534pnepyc_7203epyc_7663epyc_7773x_firmwareepyc_72f3_firmwareepyc_8224p_firmwareepyc_9174fepyc_7473xepyc_8534pn_firmwareepyc_9754epyc_8534pepyc_7413epyc_9654_firmwareepyc_9384xepyc_9554pepyc_9654epyc_9684xepyc_7313epyc_7663_firmwareepyc_9474fepyc_7303_firmwareepyc_9754sepyc_9654pepyc_74f3_firmwareepyc_7763epyc_9454_firmwareepyc_9374fepyc_7713p_firmwareepyc_73f3_firmwareepyc_9654p_firmwareepyc_9334epyc_7203pepyc_8434pn_firmwareepyc_8324pepyc_72f3epyc_7643epyc_9354_firmwareepyc_9354p_firmwareepyc_8434pnepyc_9224_firmwareepyc_8224pn_firmwareepyc_7313_firmwareepyc_7543pepyc_7443pepyc_8324pnepyc_9184xepyc_7453_firmwareepyc_9224epyc_7303epyc_74f3epyc_9554epyc_73f3AMD EPYC™ 7003 ProcessorsAMD EPYC™ 9004 Processors
CVE-2021-26367
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 4.13%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:50
Updated-12 Dec, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-athlon_gold_pro_3150ge_firmwareryzen_5_3580uathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareradeon_rx_6600ryzen_3_3300uradeon_rx_6900_xtryzen_5_5600gryzen_7_4700geryzen_5_3550h_firmwareradeon_pro_w6400ryzen_9_5980hxathlon_gold_3150c_firmwareathlon_pro_3045b_firmwareathlon_pro_300geryzen_5_4600g_firmwareryzen_3_5300geryzen_5_5600geradeon_rx_6550mathlon_gold_pro_3150gryzen_7_3700u_firmwareryzen_3_5300ge_firmwareradeon_rx_6750_greryzen_7_3750h_firmwareradeon_rx_6700sryzen_7_4700gryzen_7_5700geryzen_5_3450uryzen_3_4300gradeon_rx_6600_xtradeon_rx_6850m_xtradeon_rx_6650_xtathlon_pro_3145b_firmwareathlon_pro_3145bryzen_7_4700g_firmwareradeon_pro_w6600athlon_pro_300ge_firmwareryzen_3_4300g_firmwareradeon_rx_6800_xtryzen_7_5700g_firmwareryzen_7_3750hathlon_silver_3050eryzen_7_3780uradeon_rx_6500_xtradeon_pro_w6800radeon_rx_6600mradeon_rx_6550sathlon_gold_3150gryzen_7_3700c_firmwareradeon_rx_6950_xtryzen_7_5700gradeon_rx_6750_xtryzen_7_3700cryzen_3_5300g_firmwareryzen_7_4700ge_firmwareryzen_7_3700uathlon_silver_3050uryzen_5_4600gryzen_5_3500uradeon_rx_6450mradeon_rx_6300mryzen_9_5980hx_firmwareradeon_rx_6800mradeon_softwareathlon_pro_3045bathlon_gold_pro_3150geryzen_5_4600geryzen_5_3550hradeon_rx_6700athlon_gold_pro_3150g_firmwareryzen_7_3780u_firmwareradeon_pro_w6300radeon_rx_6400radeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6700_xtradeon_rx_6800athlon_silver_3050c_firmwareathlon_gold_3150cryzen_5_5600g_firmwareradeon_rx_6700mryzen_3_5300gathlon_gold_3150u_firmwareryzen_5_5600ge_firmwareryzen_3_4300ge_firmwareryzen_5_3500c_firmwareryzen_3_3350u_firmwareathlon_gold_3150uryzen_3_4300geryzen_5_3450u_firmwareryzen_3_3300u_firmwareathlon_silver_3050cryzen_5_3500u_firmwareryzen_5_4600ge_firmwareradeon_rx_6600sathlon_gold_3150g_firmwareradeon_rx_6800sradeon_rx_6500mryzen_7_5700ge_firmwareryzen_3_3350uryzen_5_3580u_firmwareryzen_5_3500cAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD Ryzen™ Embedded V2000 Series ProcessorsAMD Ryzen™ Embedded V1000 Series ProcessorsAMD Ryzen™ Embedded R1000 Series ProcessorsAMD Ryzen™ Embedded R2000 Series ProcessorsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Radeon™ PRO W6000 Series Graphics CardsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Radeon™ RX 6000 Series Graphics CardsAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
CVE-2023-21269
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 21:00
Updated-09 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21396
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20655
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.69%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6761mt6853tmt8167smt6785mt6771mt8385mt8797mt6580mt8321mt8791tmt6737mt8795tmt8791mt6879mt8395mt6877mt8788mt6735mt6883mt6895mt8195mt8789mt8891mt6753mt8781mt6855mt8168mt8786mt6893mt8667mt6983mt8175mt8365mt8798mt6781mt8771mt8167mt8666mt8185mt8675mt8766mt6739mt6779mt6768mt8362amt6833mt6873mt8192mt8765mt2715mt8673mt6889mt8768mt6853mt8173mt8871mt6789mt6765mt6885MT2715, MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8192, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21374
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2002-0367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.15% / 77.62%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/aWindows
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-9332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 15:31
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local).

Action-Not Available
Vendor-k7computingn/a
Product-total_securityantivriusenterprise_securityultimate_securityn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38630
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21343
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.58%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-9333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.30%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 15:33
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.

Action-Not Available
Vendor-k7computingn/a
Product-total_securityantivriusenterprise_securityultimate_securityn/a
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-21068
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21421
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 9.46%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21397
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.79%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20274
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 8.40%
||
7 Day CHG~0.00%
Published-21 Nov, 2023 | 18:49
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-appdynamicsCisco AppDynamics
CWE ID-CWE-269
Improper Privilege Management
CVE-2011-3349
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.11%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 21:42
Updated-06 Aug, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

Action-Not Available
Vendor-lightdm_projectlightdm
Product-lightdmlightdm
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21272
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 21:01
Updated-09 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9375
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.07%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 23:07
Updated-03 Jul, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21114
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.67%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20995
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-8044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.12%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 15:36
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys.

Action-Not Available
Vendor-k7computingn/a
Product-total_securityantivriusenterprise_securityultimate_securityn/a
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-27264
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 19:21
Updated-30 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Performance Tools for i privilege escalation

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2024-27442
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.20%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 00:00
Updated-13 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

Action-Not Available
Vendor-n/aZimbra
Product-collaborationn/acollaboration
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-27210
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-16 Apr, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-9425
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.66%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3809
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.90%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:53
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zbook_17_g4mp9_g4_retail_systemproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_840_g5_firmwarezbook_15_g4zbook_14u_g6prodesk_400_g4_small_form_factor_pchp_z1_entry_tower_g5zhan_66_pro_15_g2_firmwareprodesk_600_g5_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwareelitebook_1040_g4elitedesk_800_35w_g4_desktop_mini_pc_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pcprobook_x360_11_g2_ee_firmwareelitebook_735_g6_firmwareprodesk_400_g4_small_form_factor_pc_firmwareelitebook_x360_1030_g4_firmwareprobook_470_g4_firmwareprobook_x360_11_g3_ee_firmwarezhan_66_pro_13_g2hp_z2_mini_g5hp_mt21_mobile_thin_client_firmwareelitebook_755_g5_firmwarezbook_17_g6hp_z2_tower_g5engage_flex_pro_retail_systemelitedesk_705_g4_workstationhp_mt21_mobile_thin_clientelite_sliceelitebook_x360_1030_g3_firmwarehp_z2_mini_g4_firmwareprobook_640_g3probook_445r_g6_firmwareelitedesk_705_g4_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcelitebook_846_g5_firmwareprodesk_600_g5_desktop_mini_pcelitedesk_800_g4_tower_pcprodesk_600_g3_microtower_pcelitebook_735_g5proone_400_g5_23.8-inch_all-in-one_business_pcprobook_640_g4_firmwareprobook_655_g3_firmwareprobook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmwareelitedesk_880_g3_tower_pcprodesk_680_g3_microtower_pc_firmwareprodesk_600_g3_desktop_mini_pc_firmwareprobook_650_g3probook_640_g5_firmwareelite_slice_g2_firmwareprodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarehp_z240_small_form_factor_firmwareelitebook_828_g4proone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_735_g6probook_455_g4probook_650_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwarezbook_studio_x360_g5_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwarezbook_17_g6_firmwareprodesk_400_g3_desktop_mini_pc_firmwareprobook_445_g6_firmwareeliteone_800_g4_23.8-in_all-in-one_business_pchp_z1_all-in-one_g3_firmwareelitebook_x360_1030_g2_firmwarezhan_66_pro_14_g2elitedesk_705_g4_desktop_mini_pcpro_x2_612_g2engage_flex_pro_retail_system_firmwareprodesk_400_g5_microtower_pcprodesk_400_g3_desktop_mini_pcprodesk_400_g5_microtower_pc_firmwareprodesk_405_g4_desktop_mini_pc_firmwareengage_flex_pro-c_retail_system_firmwareelitedesk_880_g4_tower_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareelitedesk_800_g4_small_form_factor_pc_firmwareelitedesk_800_g4_small_form_factor_pcprobook_640_g3_firmwareprodesk_480_g4_microtower_pcelitebook_745_g6_firmwarezbook_14u_g5probook_430_g4probook_430_g4_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemzbook_14u_g4probook_650_g3_firmwareprobook_470_g5elitedesk_705_g3_microtower_pc_firmwareelitebook_745_g6probook_455_g6_firmwarehp_z2_mini_g4elitedesk_880_g5_tower_pc_firmwareprodesk_480_g6_microtower_pc_firmwareelitebook_x360_1030_g2hp_z2_tower_g4_firmwareelitedesk_705_g5_desktop_mini_pc_firmwareelitedesk_705_g5_small_form_factor_pcelitedesk_800_g5_tower_pcprobook_645_g4_firmwareprodesk_400_g4_desktop_mini_pc_firmwareprodesk_400_g4_microtower_pc_firmwareelitedesk_705_g5_small_form_factor_pc_firmwarezbook_x2_g4_firmwareelitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2prodesk_600_g4_desktop_mini_pchp_z1_entry_tower_g5_firmwareeliteone_800_g5_23.8-in_all-in-oneprodesk_600_g5_desktop_mini_pc_firmwareprobook_655_g3probook_650_g5prodesk_600_g5_microtower_pczbook_15u_g6elitebook_x360_1020_g2_firmwarehp_z240_tower_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pchp_z240_towerprobook_450_g4probook_x360_11_g3_eeprobook_445_g6probook_455r_g6_firmwareelitebook_830_g5_firmwareprodesk_680_g4_microtower_pcmp9_g4_retail_system_firmwareprodesk_600_g4_small_form_factor_pcelitebook_836_g6_firmwareelitedesk_800_g4_workstationelitedesk_800_g5_small_form_factor_pc_firmwareengage_go_mobile_systemproone_400_g5_23.8-inch_all-in-one_business_pc_firmwarehp_z2_mini_g3prodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pchp_z1_all-in-one_g3elitebook_850_g6_firmwareprobook_455_g5elitedesk_705_g3_desktop_mini_pcprobook_645_g3probook_430_g5_firmwarehp_z2_mini_g3_firmwareelitebook_846_g5elite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwareprobook_440_g6elite_slice_firmwareelitebook_745_g4zbook_studio_x360_g5elitedesk_705_g4_small_form_factor_pc_firmwareelitedesk_800_g3_tower_pceliteone_800_g3_23.8_non-touch_all-in-one_business_pcelitebook_745_g5elitedesk_705_g3_microtower_pchp_z2_small_form_factor_g4_firmwarehp_z238_microtower_firmwarezbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcelitebook_840_g4_firmwareprodesk_600_g4_small_form_factor_pc_firmwarezbook_17_g5probook_640_g5zbook_17_g5_firmwareelitebook_850_g5probook_455_g4_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwareelitebook_840_g5prodesk_405_g4_small_form_factor_pc_firmwarezbook_15u_g5_firmwareelitebook_x360_1040_g5_firmwareelitebook_725_g4_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g5_desktop_mini_pczhan_66_pro_g1zbook_15_g6_firmwareprobook_11_ee_g2zbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmwareprobook_440_g4probook_x360_11_g4_ee_firmwareelitebook_x360_830_g5_firmwareelitedesk_705_g3_small_form_factor_pchp_z2_small_form_factor_g4prodesk_600_g3_small_form_factor_pc_firmwareelitebook_x360_1040_g5elitebook_840_g6zbook_15_g5elitedesk_705_g4_microtower_pczbook_studio_g4prodesk_680_g3_microtower_pcprodesk_680_g4_microtower_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pcelitedesk_800_35w_g4_desktop_mini_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelitedesk_800_g5_desktop_mini_pcelite_dragonfly_firmwareelitebook_840_g4zhan_66_pro_14_g2_firmwarezbook_15_g5_firmwareprobook_645_g3_firmwareprodesk_400_g4_desktop_mini_pcprobook_450_g5proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_840r_g4_firmwareprobook_470_g4prodesk_600_g3_small_form_factor_pcelitedesk_880_g4_tower_pc_firmwareelitebook_725_g4elitedesk_800_g5_desktop_mini_pc_firmwareelitebook_735_g5_firmwareelite_x2_1012_g2elitebook_840_g6_firmwareelitedesk_705_g3_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareengage_one_aio_systemprobook_440_g4_firmwareprobook_x360_11_g4_eezhan_x_13_g2_firmwareprobook_455_g5_firmwareelite_x2_1013_g3prodesk_400_g5_desktop_mini_pcprodesk_600_g4_microtower_pc_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g3_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pcelitebook_x360_830_g6_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitebook_850_g4_firmwareprobook_430_g6prodesk_400_g6_microtower_pc_firmwarehp_mt45_mobile_thin_client_firmwareprodesk_405_g4_small_form_factor_pchp_z2_small_form_factor_g5_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcprobook_450_g4_firmwareelitebook_850_g6elitedesk_800_35w_g3_desktop_mini_pceliteone_800_g4_23.8-in_all-in-one_business_pc_firmwareprodesk_480_g6_microtower_pcprobook_11_ee_g2_firmwareelitebook_820_g4_firmwareelitedesk_800_g3_tower_pc_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5zbook_14u_g6_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3hp_z2_tower_g4elitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareprodesk_400_g5_small_form_factor_pchp_z240_small_form_factorprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarehp_z2_mini_g5_firmwarehp_z2_tower_g5_firmwareelitebook_850_g5_firmwareelitebook_1040_g4_firmwarehp_mt44_mobile_thin_clientelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pczbook_14u_g5_firmwareelitebook_755_g5probook_445r_g6elitedesk_800_g5_tower_pc_firmwareelitebook_x360_830_g6probook_440_g5_firmwarehp_z238_microtowerelitebook_830_g6zbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareprobook_x360_11_g2_eezhan_66_pro_15_g2probook_650_g5_firmwareelitebook_745_g5_firmwareprobook_450_g6elitedesk_705_g4_small_form_factor_pcengage_go_mobile_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_440_g6_firmwareelitebook_850_g4hp_mt31_mobile_thin_client_firmwareelitebook_745_g4_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g4_workstation_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwarezbook_x2_g4elitebook_755_g4_firmwarezbook_15_g6elitedesk_705_g3_small_form_factor_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elite_x2_1012_g2_firmwareprobook_470_g5_firmwareprobook_650_g4elitebook_848_g4engage_one_aio_system_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_705_g4_microtower_pc_firmwareprodesk_600_g5_small_form_factor_pc_firmwareprobook_430_g5engage_go_10_mobile_systemelitedesk_800_g5_small_form_factor_pcprobook_455_g6engage_go_10_mobile_system_firmwarehp_z2_small_form_factor_g5zbook_15u_g4_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pchp_mt45_mobile_thin_clientzbook_17_g4_firmwareprodesk_405_g4_desktop_mini_pchp_mt44_mobile_thin_client_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmwareelitedesk_800_g4_workstation_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwarehp_mt31_mobile_thin_clientelitebook_x360_1020_g2probook_450_g5_firmwareelitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_15u_g5elitedesk_800_65w_g3_desktop_mini_pceliteone_800_g5_23.8-in_all-in-one_firmwarezbook_15u_g4elite_x2_g4_firmwareelitebook_830_g5prodesk_480_g5_microtower_pc_firmwareelite_slice_g2elitebook_755_g4HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-29052
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.74% / 71.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:01
Updated-27 Aug, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage Elevation of Privilege Vulnerability

Windows Storage Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_23h2Windows 11 Version 23H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-1575
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.02%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelubuntu_linuxubuntu_touchubuntu_coren/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-27793
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.66%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.

Action-Not Available
Vendor-ixpdatan/a
Product-easyinstalln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-27826
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.69%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-13 Feb, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosvisionosmacosvisionOSiOS and iPadOStvOSmacOSwatchOSwatch_osmacosiphone_osvisionosipad_ostv_os
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-1326
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.7||HIGH
EPSS-4.20% / 88.27%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 22:35
Updated-07 Feb, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
local privilege escalation in apport-cli

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

Action-Not Available
Vendor-Canonical Ltd.
Product-apportubuntu_linuxApport
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20216
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.08%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 21:18
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-broadworks_profile_serverbroadworks_network_serverbroadworks_database_serverbroadworks_network_database_serverbroadworks_network_function_managerbroadworks_media_serverbroadworks_execution_serverbroadworks_application_delivery_platformbroadworks_application_serverbroadworks_service_control_function_serverbroadworks_troubleshooting_serverbroadworks_xtended_services_platformCisco BroadWorks
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-8724
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 15:34
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe.

Action-Not Available
Vendor-k7computingn/a
Product-total_securityantivriusenterprise_securityultimate_securityn/a
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-27233
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-03 Apr, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-17954
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.3||CRITICAL
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 07:05
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
crowbar provision leaks admin password to all nodes in cleartext

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.

Action-Not Available
Vendor-SUSE
Product-openstack_cloud_crowbaropenstack_cloudSUSE OpenStack Cloud Crowbar 8SUSE OpenStack Cloud Crowbar 9SUSE OpenStack Cloud 7SUSE OpenStack Cloud 9SUSE OpenStack Cloud 8
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-0664
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.13%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Microsoft CorporationFedora Project
Product-qemufedoraenterprise_linuxwindowsQEMU
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-25088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.33%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-01 Aug, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.

Action-Not Available
Vendor-jungon/ajungoMitsubishi Electric Corporation
Product-gt_got2000rt_visualboxfr_configurator_sw3mx_opc_server_da\/uasw1dnc-qsccf-bgx_works3sw1dnc-mnetg-b_firmwaregenesis64sw0dnc-mneth-bgt_got1000data_transfermrzjw3-mc2-utl_firmwaresw1dnc-mnetg-bezsocketsw0dnc-mneth-b_firmwaresw1dnc-ccbd2-b_firmwaresw1dnc-qsccf-b_firmwaresw1dnc-ccief-jgt_softgot1000sw1dnc-ccief-bsw1dnc-ccbd2-brt_toolbox3sw1dnc-ccief-b_firmwarefr_configurator2mx_componentsw1dnd-emsdk-bnumerical_control_device_communicationgx_logviewermr_configuratorsw1dnc-ccief-j_firmwarecw_configuratorwindrivercpu_module_logging_configuration_tooldata_transfer_classicgt_softgot2000px_developer\/monitor_toolgx_works2sw1dnd-emsdk-b_firmwaremr_configurator2mi_configuratoriq_worksmrzjw3-mc2-utlgx_developern/awindriver
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38628
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38671
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.69%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38634
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.35% / 56.72%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Update Client Elevation of Privilege Vulnerability

Microsoft Windows Update Client Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38626
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-26314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.33%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-21 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.

Action-Not Available
Vendor-jungon/aiconicsMitsubishi Electric Corporation
Product-sw1dnd-emsdk-b_firmwaregt_softgot2000windriversw1dnd-emsdk-bgx_works3sw1dnc-qsccf-bmx_opc_server_da\/uasw1dnc-ccbd2-bsw0dnc-mneth-bgenesis64gt_got1000mr_configuratorgt_softgot1000gx_logviewersw1dnc-ccief-b_firmwaresw1dnc-ccief-j_firmwaresw1dnc-qsccf-b_firmwarefr_configurator_sw3sw1dnc-ccief-jcpu_module_logging_configuration_toolgx_developermi_configuratorcw_configuratormr_configurator2data_transferfr_configurator2mrzjw3-mc2-utlsw1dnc-mnetg-b_firmwaremx_componentsw1dnc-mnetg-brt_visualboxsw1dnc-ccbd2-b_firmwaremrzjw3-mc2-utl_firmwarenumerical_control_device_communicationgt_got2000sw1dnc-ccief-bdata_transfer_classicgx_works2iq_worksrt_toolbox3ezsocketpx_developer\/monitor_toolsw0dnc-mneth-b_firmwaren/amelsoft_navigatorgt_softgot2000sw1dnd-emsdk-bgx_works3sw1dnc-qsccf-bmx_opc_server_da\/uasw1dnc-ccbd2-bsw0dnc-mneth-bgenesis64gt_softgot1000gx_logviewerc_controller_module_setting_and_monitoring_toolfr_configurator_sw3sw1dnc-ccief-jgt_designer3cpu_module_logging_configuration_toolgx_developermi_configuratorcw_configuratormr_configurator2data_transferfr_configurator2mrzjw3-mc2-utlmx_componentsw1dnc-mnetg-brt_visualboxfcsb1224px_developersw1dnc-ccief-bgx_works2rt_toolbox3ezsocket
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38633
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.40%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-18 Nov, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found