Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-22618

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Oct, 2023 | 00:00
Updated At-20 Sep, 2024 | 13:55
Rejected At-
Credits

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Oct, 2023 | 00:00
Updated At:20 Sep, 2024 | 13:55
Rejected At:
▼CVE Numbering Authority (CNA)

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nokia.com
N/A
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/
N/A
Hyperlink: https://nokia.com
Resource: N/A
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nokia.com
x_transferred
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/
x_transferred
Hyperlink: https://nokia.com
Resource:
x_transferred
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Nokia Corporationnokia
Product
wavelite_metro_200_and_fan
CPEs
  • cpe:2.3:h:nokia:wavelite_metro_200_and_fan:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0
Vendor
Nokia Corporationnokia
Product
wavelite_metro_200_ops_and_fans
CPEs
  • cpe:2.3:h:nokia:wavelite_metro_200_ops_and_fans:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0
Vendor
Nokia Corporationnokia
Product
wavelite_metro_200_and_f2b_fans
CPEs
  • cpe:2.3:h:nokia:wavelite_metro_200_and_f2b_fans:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0
Vendor
Nokia Corporationnokia
Product
wavelite_metro_200_ne_ops_and_f2b_fans
CPEs
  • cpe:2.3:h:nokia:wavelite_metro_200_ne_ops_and_f2b_fans:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0
Vendor
Nokia Corporationnokia
Product
wavelite_metro_200_ne_and_f2b_fans
CPEs
  • cpe:2.3:h:nokia:wavelite_metro_200_ne_and_f2b_fans:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0
Vendor
Nokia Corporationnokia
Product
wavelite_metro_200_ne_ops_and_f2b_fans
CPEs
  • cpe:2.3:h:nokia:wavelite_metro_200_ne_ops_and_f2b_fans:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Oct, 2023 | 12:15
Updated At:20 Sep, 2024 | 14:35

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.1HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Nokia Corporation
nokia
>>wavelite_metro_200_and_fan>>-
cpe:2.3:h:nokia:wavelite_metro_200_and_fan:-:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_and_fan_firmware>>Versions before r2.1.1(exclusive)
cpe:2.3:o:nokia:wavelite_metro_200_and_fan_firmware:*:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ops_and_fans>>-
cpe:2.3:h:nokia:wavelite_metro_200_ops_and_fans:-:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ops_and_fans_firmware>>Versions before r2.1.1(exclusive)
cpe:2.3:o:nokia:wavelite_metro_200_ops_and_fans_firmware:*:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_and_f2b_fans>>-
cpe:2.3:h:nokia:wavelite_metro_200_and_f2b_fans:-:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_and_f2b_fans_firmware>>Versions before r2.1.1(exclusive)
cpe:2.3:o:nokia:wavelite_metro_200_and_f2b_fans_firmware:*:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ops_and_f2b_fans>>-
cpe:2.3:h:nokia:wavelite_metro_200_ops_and_f2b_fans:-:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ops_and_f2b_fans_firmware>>Versions before r2.1.1(exclusive)
cpe:2.3:o:nokia:wavelite_metro_200_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ne_and_f2b_fans>>-
cpe:2.3:h:nokia:wavelite_metro_200_ne_and_f2b_fans:-:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ne_and_f2b_fans_firmware>>Versions before r2.1.1(exclusive)
cpe:2.3:o:nokia:wavelite_metro_200_ne_and_f2b_fans_firmware:*:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ne_ops_and_f2b_fans>>-
cpe:2.3:h:nokia:wavelite_metro_200_ne_ops_and_f2b_fans:-:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>wavelite_metro_200_ne_ops_and_f2b_fans_firmware>>Versions before r2.1.1(exclusive)
cpe:2.3:o:nokia:wavelite_metro_200_ne_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nokia.comcve@mitre.org
Product
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/cve@mitre.org
Vendor Advisory
Hyperlink: https://nokia.com
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

195Records found
CVE-2022-40539
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.34%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Automotive Android OS

Memory corruption in Automotive Android OS due to improper validation of array index.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8295psa6155p_firmwarewsa8830sa6150p_firmwaresa8145p_firmwareqcs610sw5100pqcc5100wcn3988_firmwareqca6574ausa6145p_firmwaresa8155p_firmwarewsa8835sa8195pwcn3950_firmwarewsa8810_firmwaresa8150p_firmwarewcd9341_firmwaresw5100wsa8810sa6155pqcs410sw5100p_firmwareqcs610_firmwarewcd9370sa6145pwcd9341qca6696_firmwarewcn3980sa8145pqca6696qam8295pwcn3950wcd9370_firmwaresa8150psa6150pwsa8815sa8155pwsa8830_firmwareqam8295p_firmwarewcn3988wsa8815_firmwarewsa8835_firmwareqca6574au_firmwaresa8195p_firmwaresw5100_firmwareqcs410_firmwarewcn3980_firmwaresa8295p_firmwareqcc5100_firmwareSnapdragonsa6155p_firmwaresa6150p_firmwaresa8145p_firmwareqca6696_firmwarewcd9370_firmwarewcn3988_firmwarewsa8830_firmwaresa6145p_firmwaresa8155p_firmwareqam8295p_firmwarewcn3950_firmwarewsa8815_firmwarewsa8835_firmwarewsa8810_firmwaresa8150p_firmwarewcd9341_firmwareqca6574au_firmwaresa8195p_firmwaresw5100_firmwareqcs410_firmwarewcn3980_firmwaresa8295p_firmwaresw5100p_firmwareqcs610_firmwareqcc5100_firmware
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-40529
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in Kernel

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresnapdragon_850_mobile_compute_platform_firmwaresm7325-ae_firmwaresa6150p_firmwaresm6250p_firmwareqcs610sc8180x-ab_firmwareqca6431_firmwareqam8775pwcn3950_firmwaresc8180x\+sdx55sa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155qca6335sdm712sdm670sm8350csra6620_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwareqam8295pwcn3950sm4125sd_8_gen1_5g_firmwaresm6375_firmwaresm7150-acqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwaresa6155_firmwaresm6225-adqca6420snapdragon_xr2\+_gen_1_platformsnapdragon_auto_5g_modem-rf_firmwaresc8180xp-afsmart_audio_400_platform_firmwarewcn3999sm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsc8180xp-aa_firmwareqcs6125sa4155p_firmwaresa8155_firmwarerobotics_rb3_platform_firmwaresd662_firmwaresm7250-ab_firmwareqca6430robotics_rb3_platformwcd9340sw5100qca6436sa6155pqca6698aq_firmwarewcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255pqca6431qca6696_firmwaresc8180xp-ab_firmwarewcd9371sc8180x-abqca6797aqwcn3910_firmwaresm4350_firmwaresd_8cxsa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresm6125_firmwaresa8295p_firmwaresnapdragon_675_mobile_platform_firmwaresm6375wcn3991wcd9380_firmwaressg2125psw5100psnapdragon_w5\+_gen_1_wearable_platformqca6564ausd670_firmwareqca6574snapdragon_7c\+_gen_3_computewcd9380sc8180xp-aaqcs410sm7150-aa_firmwaresxr1230pc-v2x_9150_firmwaresc8180xp-ad_firmwaresc8180x-ac_firmwareqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcm4325_firmwarewcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qcs8250qca6426_firmwaresm4450qca9984sc8180x-adwcn3980_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresc7180-ac_firmwaresa8295psm7150-aasm6350sm8475_firmwarewcn6740_firmwareqca6421_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformar8031_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresm6350_firmwareqca6797aq_firmwarewcn785x-1_firmwaresdm710sd670qca6564a_firmwareqcm4290_firmwarewsa8832sc8180xp-ac_firmwaresw5100p_firmwaresa8540pqcs610_firmwareqsm8250sa6145par8031qcs4490qca6595_firmwaresa8145psc8280xp-bbqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psd675ssg2115p_firmwareqcs8155_firmwareqam8255psa4155par8035_firmwareqcm2290qsm8250_firmwarewcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresa8145p_firmwaresm6125sdm712_firmwaresnapdragon_850_mobile_compute_platformqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresc8280xp-bb_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwaresc7180-acqca6390_firmwaresnapdragon_auto_4g_modem_firmwaresd730_firmwarewcd9370sd675_firmwaressg2115pqca6564qca6426sc8280xp-abwcn3990_firmwareqrb5165n_firmwareqca9984_firmwaresm8450sm8250-absd_8cx_firmwarewcd9385_firmwarewcd9326_firmwaresd662qam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemsa9000p_firmwaresdx55_firmwareqca6595ausm7325-af_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwaresm4350-acqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa6155p_firmwareqca6310qcs8155sm6225qcs6490qcs8550_firmwaresm8250_firmwarevision_intelligence_300_platform_firmwaresm8250-acwcn3988_firmwareqcn9074sa6145p_firmwareqca6421sm7250-aasm6250c-v2x_9150sa8195psxr1120sdm710_firmwarewsa8810_firmwaresm4375_firmwarevision_intelligence_400_platformsm8450_firmwaresc7180-adwcd9326wcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresg4150pqcm4490qca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresm7150-absc8180x-acqca6390wcd9375ar8035aqt1000sc8180x\+sdx55_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformsm8150wsa8815_firmwareqcm6490wsa8835_firmwaresm7350-absxr1120_firmwareqca6564asa4150psg4150p_firmwarewcn785x-1qcm6125_firmwareqcm4325qcm2290_firmwaresnapdragon_845_mobile_platformwcn3990sd_675sd865_5gqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresc7180-ad_firmwaresa8540p_firmwaresnapdragon_auto_5g_modem-rfsd_8_gen1_5gsm6250psc8180xp-acsxr2130ssg2125p_firmwareqca6574asmart_audio_400_platformwcn685x-5_firmwaresc8180x-afqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresa9000pqca6574_firmwaresm7250-absd855sm4125_firmwaresm7325p_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwarevision_intelligence_300_platformsd460qca6391sm8250-ab_firmwaresc8280xp-ab_firmwareaqt1000_firmwareqcm4490_firmwaresnapdragon_845_mobile_platform_firmwaresnapdragon_auto_4g_modemqcm4290qcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformwcn685x-5qcn9011sm6225_firmwaresc8180xp-af_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwareqcm6125wsa8810sm7250-aa_firmwaresc8180x-aa_firmwaresm7250-acsm8150-ac_firmwaresnapdragon_ar2_gen_1_platformsc8180x-aasm8350-acqca6564_firmwareqam8650p_firmwaresnapdragon_675_mobile_platformsc8180x-af_firmwarewcn6740qca6696qcs8550sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150psc8180xp-absc8180x-ad_firmwaresm7250psw5100_firmwareqcn9074_firmwareqcs410_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-23351
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.34%
||
7 Day CHG-0.00%
Published-06 May, 2024 | 14:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresw5100pwsa8845_firmwarewsa8832snapdragon_480_5g_mobileqca6595srv1mqca6678aqwcd9370qca6696wcd9395_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700qcs6125_firmwaresnapdragon_685_4g_mobilewsa8815_firmwarewsa8832_firmwaresa8195p_firmwarewcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwareqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwareqcs6125flight_rb5_5gsa9000p_firmwaresrv1hqca6797aq_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcm6125_firmwaressg2115psw5100_firmwaresnapdragon_8_gen_3_mobile_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformsa7255pwcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarerobotics_rb5_firmwarewcd9380qam8255psxr2230pqcs4490snapdragon_680_4g_mobilewsa8845sa6155pqcm6125sxr1230pwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psrv1h_firmwaresw5100video_collaboration_vc3_platformqca6595ausnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesg8275pwcd9370_firmwareflight_rb5_5g_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobileqcm4490sa8195pqcs8250_firmwaresnapdragon_480\+_5g_mobile_firmwareqamsrv1mrobotics_rb5talynplusqcm6490qam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwarewcn3980_firmwareqrb5165n_firmwareqca6574sa8775pwsa8835qca6595au_firmwareqca6391_firmwaresxr2230p_firmwarewsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwarewcd9380_firmwareqca6574_firmwaresa8155p_firmwarewsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550pqcm4325_firmwaresa8620psa8255p_firmwareqca6574a_firmwaresnapdragon_4_gen_1_mobileqamsrv1m_firmwaresnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqca6391qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwareqrb5165nsa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8650pqam8775p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375snapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490qcs8250snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqam8255p_firmwarequalcomm_video_collaboration_vc1_platform_firmwarerobotics_rb5_platform_firmwaresa6155p_firmwareqcm4490_firmwareqcm8550_firmwareqca6678aq_firmwareqcs4490_firmwareqcm6490_firmwarefastconnect_6900_firmwareqcs7230_firmwareqcs8550_firmwareqca6797aq_firmwareflight_rb5_5g_platform_firmwarefastconnect_6700_firmwareqcs8250_firmwarefastconnect_7800_firmwareqca6595au_firmwareqamsrv1m_firmwareqca6698aq_firmwareqcm5430_firmwareqcs6125_firmwareqam8650p_firmwareqam8775p_firmwareqrb5165n_firmwareqca6696_firmwareqca6595_firmwareqcs6490_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqam8295p_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwareqcm6125_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-28115
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.86%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 20:54
Updated-01 Oct, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

Action-Not Available
Vendor-amazonFreeRTOSfreertos
Product-freertosFreeRTOS-Kernelfreertos-kernel
CWE ID-CWE-284
Improper Access Control
CVE-2024-23360
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.64%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-09 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Windows

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830fastconnect_6900wsa8845wcd9380sc8380xp_firmwarewsa8835fastconnect_7800wcd9385_firmwarefastconnect_6900_firmwaresc8280xp-abbb_firmwarewcd9385fastconnect_6700fastconnect_6700_firmwaresnapdragon_7c\+_gen_3_computesc8280xp-abbbwsa8830_firmwarewsa8845h_firmwarewsa8840fastconnect_7800_firmwarewsa8845_firmwarewcd9380_firmwaresc8380xpwsa8835_firmwarewsa8840_firmwarewsa8845hsnapdragon_7c\+_gen_3_compute_firmwareSnapdragonsnapdragon_7c\+_gen_3_compute_firmwarefastconnect_7800_firmwarewsa8835_firmwarewsa8845_firmwarewsa8845h_firmwaresc8380xp_firmwarewsa8830_firmwarefastconnect_6900_firmwarewcd9385_firmwarefastconnect_6700_firmwarewsa8840_firmwarewcd9380_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2022-40207
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR software
CWE ID-CWE-284
Improper Access Control
CVE-2022-3263
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.07%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:30
Updated-16 Apr, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Measuresoft ScadaPro Server Improper Access Control

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

Action-Not Available
Vendor-measuresoftMeasuresoft
Product-scadapro_serverScadaPro Server
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-40972
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 27.11%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-24 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Windows
CWE ID-CWE-284
Improper Access Control
CVE-2022-39854
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.54%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2022-38786
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 25.81%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-30 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-battery_life_diagnostic_toolIntel Battery Life Diagnostic Tool software
CWE ID-CWE-284
Improper Access Control
CVE-2022-37393
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-4.45% / 88.63%
||
7 Day CHG-0.00%
Published-16 Aug, 2022 | 20:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zimbra zmslapd arbitrary module load

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Action-Not Available
Vendor-ZimbraSynacor, Inc.
Product-collaborationZimbra Server
CWE ID-CWE-284
Improper Access Control
CVE-2022-38466
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 09:40
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator.

Action-Not Available
Vendor-Siemens AG
Product-coreshield_one-way_gatewayCoreShield One-Way Gateway (OWG) Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-36443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.09%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.

Action-Not Available
Vendor-zebran/a
Product-enterprise_home_screenn/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-36864
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.12% / 31.15%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_emailSamsung Email
CWE ID-CWE-284
Improper Access Control
CVE-2022-36789
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_10_performance_mini_pc_nuc10i7fnkpanuc_10_performance_kit_nuc10i7fnk_firmwarenuc_10_performance_mini_pc_nuc10i7fnhjanuc_10_performance_kit_nuc10i5fnhnnuc_10_performance_kit_nuc10i7fnhc_firmwarenuc_10_performance_kit_nuc10i3fnh_firmwarenuc_10_performance_kit_nuc10i5fnhjnuc_10_performance_kit_nuc10i7fnhnuc_10_performance_kit_nuc10i3fnhn_firmwarenuc_10_performance_mini_pc_nuc10i3fnhja_firmwarenuc_10_performance_kit_nuc10i3fnknnuc_10_performance_kit_nuc10i3fnk_firmwarenuc_10_performance_kit_nuc10i5fnhn_firmwarenuc_10_performance_mini_pc_nuc10i5fnhja_firmwarenuc_10_performance_mini_pc_nuc10i3fnhfanuc_10_performance_kit_nuc10i7fnhcnuc_10_performance_kit_nuc10i5fnkn_firmwarenuc_10_performance_kit_nuc10i3fnhnuc_10_performance_kit_nuc10i3fnhf_firmwarenuc_10_performance_mini_pc_nuc10i5fnhcanuc_10_performance_kit_nuc10i5fnknnuc_10_performance_kit_nuc10i7fnhn_firmwarenuc_10_performance_kit_nuc10i3fnhnnuc_10_performance_kit_nuc10i5fnhj_firmwarenuc_10_performance_kit_nuc10i3fnhfnuc_10_performance_mini_pc_nuc10i7fnhaanuc_10_performance_mini_pc_nuc10i7fnkpa_firmwarenuc_10_performance_kit_nuc10i5fnkpnuc_10_performance_kit_nuc10i7fnhnnuc_10_performance_mini_pc_nuc10i7fnhja_firmwarenuc_10_performance_kit_nuc10i5fnkp_firmwarenuc_10_performance_kit_nuc10i5fnhnuc_10_performance_mini_pc_nuc10i3fnhfa_firmwarenuc_10_performance_kit_nuc10i7fnknnuc_10_performance_kit_nuc10i5fnhfnuc_10_performance_mini_pc_nuc10i7fnhaa_firmwarenuc_10_performance_kit_nuc10i3fnkn_firmwarenuc_10_performance_kit_nuc10i7fnkn_firmwarenuc_10_performance_kit_nuc10i7fnkp_firmwarenuc_10_performance_kit_nuc10i5fnknuc_10_performance_kit_nuc10i5fnh_firmwarenuc_10_performance_kit_nuc10i7fnh_firmwarenuc_10_performance_kit_nuc10i7fnknuc_10_performance_mini_pc_nuc10i3fnhjanuc_10_performance_mini_pc_nuc10i5fnkpanuc_10_performance_kit_nuc10i7fnkpnuc_10_performance_mini_pc_nuc10i5fnhca_firmwarenuc_10_performance_kit_nuc10i5fnk_firmwarenuc_10_performance_mini_pc_nuc10i5fnhjanuc_10_performance_kit_nuc10i5fnhf_firmwarenuc_10_performance_kit_nuc10i3fnknuc_10_performance_mini_pc_nuc10i5fnkpa_firmwareIntel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs
CWE ID-CWE-284
Improper Access Control
CVE-2022-34672
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-284
Improper Access Control
CVE-2022-34457
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.08%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 11:38
Updated-03 Apr, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-33243
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in Qualcomm IPC

Memory corruption due to improper access control in Qualcomm IPC.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwareqcs610ipq4028_firmwareqca8337ar9380ipq8173_firmwareqca6431_firmwarewcd9360_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwareqca6335qcs605_firmwareqcs6125_firmwaresa415mwcn3998qam8295pwcn3950qcn6024_firmwareipq8076asd_8_gen1_5g_firmwarewcn3660bwcn7850qca6574au_firmwareqcn5164_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwareqca6420wcd9360qca9986ipq8070_firmwareipq8065ipq8078a_firmwareqrb5165_firmwareipq5028qca7500ipq4029_firmwareqcs6125ipq6010ipq8068qca6430wcd9340qcn6132qualcomm215_firmwaresw5100qca6436wcn6851sa6155pwcn7851_firmwareqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6431qca6696_firmwaresd870_firmwareqcn5154_firmwaresa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd855_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475qcn5022_firmwareqca9898sa8295p_firmwareipq4028wcn3610ipq5018_firmwareqca9985_firmwareipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresdm429wsw5100pmsm8996au_firmwareipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164csr8811_firmwarewcd9380qualcomm215qcs410qcn5024ipq4019_firmwaresdx24_firmwareqca9985qcn9012_firmwareqca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850qca9986_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qca9984ipq6028ipq8064sd835qcn9024wcn3980_firmwaresdx55mipq8064_firmwareqcc5100_firmwaresa8295pqca6421_firmwarewcn3680_firmwareipq8078_firmwareqrb5165wcn6851_firmwareipq8070qca9994qca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwareqca9880sd870wcn6855sw5100p_firmwaresd210_firmwareqcs610_firmwareqsm8250sa6145pipq6018qca9886_firmwaresdxr1apq8096ausa8145pqca6391_firmwareqca4024wcd9370_firmwaresdx55sa8155pqcs8155_firmwareqsm8250_firmwareqcn5024_firmwaremdm9150_firmwarewsa8830qcn9070sa8145p_firmwarecsrb31024qcn9072qca9880_firmwareqca9992qca6420_firmwareqca6390_firmwarewcd9370qcn5152_firmwareqca6426wcn3990_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018wcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwareipq8074aqcn5124_firmwareqam8295p_firmwarewcn3680b_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwareqca6595auwcn3610_firmwareqca6436_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310qcs8155wcn7851ipq8174sd429sa515m_firmwareqca9990qcn5052sdxr2_5gsa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwareqca6421sa6145p_firmwaresa8195pwsa8810_firmwarewcd9326wcd9335qca8081qcn6023ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qca6390qca9898_firmwarewcd9375aqt1000csr8811ipq4019qcn9100_firmwaresd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620qca6564aqcm6125_firmwarewcn3990qcn9000sd865_5gar9380_firmwareqcc5100sdx24qcn9012qcn6122_firmwareipq8065_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gqcn5154qca8075_firmwareipq4018qca6574awcn6855_firmwareqca9889qca6174aqcn6132_firmwareqca9888qca6310_firmwareqca9994_firmwareipq8070a_firmwareipq8076_firmwaresa515mqca9886sd855sd665ipq8076qca6574a_firmwareqcn5152qca6391sdxr1_firmwareaqt1000_firmwareqcn9100csrb31024_firmwareqcn9070_firmwareipq6028_firmwareipq8072a_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122sd205_firmwarewcd9341_firmwareqcm6125wsa8810mdm9150wcn6856qcn5022wcn3680bsd835_firmwareipq6010_firmwareqca6696sd845_firmwaresa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9072_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareipq4029Snapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2016-10408
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.28%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core.

QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-9206_lte_modemsd820_firmwareapq8037_firmwaresd626_firmware9206_lte_modem_firmwaresd626apq8037sd820sd821sd821_firmwareSnapdragonsd626_firmware9206_lte_modem_firmwaresd820_firmwareapq8037_firmwaresd821_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-21436
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.95%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-21103
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.32%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2024-21418
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.74%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft CorporationThe Linux Foundation
Product-software_for_open_networking_in_the_cloudSoftware for Open Networking in the Cloud (SONiC)
CWE ID-CWE-284
Improper Access Control
CVE-2024-0025
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.84%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:03
Updated-17 Dec, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-284
Improper Access Control
CVE-2023-7025
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.02%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 03:00
Updated-24 Apr, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KylinSoft hedron-domain-hook DBus init_kcm access control

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kylinosKylinSoft
Product-hedron-domain-hookhedron-domain-hook
CWE ID-CWE-284
Improper Access Control
CVE-2024-0036
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-0.00% / 0.17%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:08
Updated-16 Dec, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-284
Improper Access Control
CVE-2022-29871
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_platinum_8153xeon_platinum_8276latom_x6212receleron_j1750core_i7-8705gxeon_platinum_9222core_i7-8665uz270xeon_w-3245mxeon_gold_6230tcore_i3-8300tpentium_j2850xeon_gold_6146core_i7-8706gcore_i7-1068ng7xeon_gold_6126txeon_w-3225core_i5-1035g7core_i7-10850hxeon_gold_5115xeon_platinum_8170xeon_gold_6136hm570core_i5-8400hceleron_j1850core_i7-8700celeron_n6210core_i5-10400fcore_i5-8400wm490xeon_gold_6138core_i3-10300core_i7-10700txeon_gold_6246core_i7-8086kceleron_4305ucore_i5-10210uceleron_n2815xeon_platinum_8164core_i5-8257ucore_i7-8700kcore_i5-10200hxeon_gold_6234xeon_gold_6238rq150converged_security_management_engine_firmwarecore_i5-1035g4celeron_n2940core_i3-8145ucore_i5-10400hceleron_4205uceleron_n5105h670xeon_gold_5215core_i3-10100yceleron_j3455core_i5-10400tcore_i3-8109uxeon_gold_6262vxeon_platinum_8168core_i5-10310ucore_i5-10505c246core_i5-1030g7xeon_gold_5218celeron_n4500cm236hm370pentium_n6415xeon_silver_4109tcore_i3-1000g1core_i7-10510yxeon_gold_5215lxeon_silver_4215rceleron_j3160core_i3-10110uxeon_gold_6138fxeon_gold_5122celeron_n3150celeron_n4100xeon_silver_4210tceleron_n3060xeon_gold_6212ucore_i5-10400hm470core_i5-8400bxeon_silver_4114xeon_gold_6248rcore_i5-10500tecore_i3-10105fcore_i3-8100hhm670xeon_gold_6258rxeon_bronze_3104h110core_i5-l16g7core_i5-10300hceleron_n4120xeon_gold_6240xeon_gold_6240lxeon_gold_6238lxeon_gold_6250core_i5-8350ucore_i9-10980hkw580q270xeon_platinum_8156c236core_i5-8600core_i5-8500tcore_i7-10510uxeon_w-3265mceleron_n2840atom_x6214receleron_j4125core_i3-10100ecore_i3-8100core_i7-1060g7celeron_n2910core_i9-10900celeron_n2930h410h570pentium_n3510xeon_gold_6126fcore_i3-10100txeon_gold_5218tcore_i9-8950hkxeon_gold_6150core_i9-10900ecore_i9-10850kxeon_gold_5220rxeon_gold_6140qm480pentium_n3700core_i9-10900kh270core_i5-8600kxeon_platinum_8160fq470core_i9-10900fcore_i5-8400tpentium_n3520core_i7-8750hxeon_gold_6250lcore_i7-10700core_i5-8365uqm580celeron_j3060b150h510xeon_gold_6210uc252celeron_n3160core_i3-10100term590exeon_gold_6126core_i3-10105tcore_i9-10885hcore_i7-10700fcore_i3-10325pentium_n3540z690core_i7-10750hxeon_silver_4216xeon_gold_6230xeon_platinum_8253q470ecore_i3-8300core_i3-1000g4core_i7-10875hwm690xeon_silver_4116tatom_x6427feq370core_i7-8809gcore_i3-8145ueceleron_j4105xeon_gold_6142fcore_i3-l13g4core_i7-8700bcore_i7-8709gcore_i3-10100b560xeon_gold_6238celeron_j1800xeon_gold_6130celeron_j1900z590core_i3-8100tq670xeon_silver_4208celeron_n4505xeon_platinum_8260h170core_i5-10210yh310wm590core_i7-8557ub660core_i5-10500eatom_x5-e3930xeon_gold_5220sxeon_w-3275mceleron_j3355core_i7-8700tatom_x7-e3950xeon_platinum_9242core_i5-8300hxeon_platinum_9282core_i5-10600tcore_i3-10110yxeon_platinum_8280lcore_i5-10600kfxeon_silver_4110core_i7-8650uxeon_bronze_3204core_i7-10700eceleron_j3355exeon_gold_5119txeon_silver_4108xeon_gold_6130tatom_x6414rec242xeon_silver_4210xeon_gold_6246rz370celeron_n3700core_i7-10870hxeon_gold_5217w480core_i5-1035g1core_i5-1038ng7h420exeon_gold_6230nhm170xeon_w-3265xeon_gold_5218nz170xeon_bronze_3106xeon_gold_6138tcm246xeon_w-3245x299xeon_gold_5120celeron_n3350core_i5-8500bcore_i7-10700kceleron_n3050core_i5-8269uceleron_n5095pentium_silver_j5005core_i5-1030g4celeron_n3520core_i7-10700teceleron_n3000xeon_gold_5220xeon_platinum_8160tceleron_n2807core_i5-10500xeon_silver_4214ratom_x6425exeon_gold_6254pentium_j3710xeon_silver_4114tpentium_j2900xeon_gold_6240yq570xeon_gold_6154core_i7-10710uq670ecore_i7-10700kfh370xeon_gold_6208ucore_i5-8279uxeon_platinum_8268w480epentium_n3530core_i7-8565uxeon_gold_5222xeon_w-3275core_i5-8250uatom_x6425receleron_n2820core_i3-10305b365xeon_silver_4209txeon_silver_4116hm175xeon_gold_6252ncore_i5-8259uxeon_platinum_9221xeon_gold_6244xeon_platinum_8160celeron_n2805celeron_n2806atom_x6416rexeon_gold_6248core_i5-10600kqm170atom_x5-e3940r680eceleron_4305uecore_i3-8140uxeon_platinum_8280core_m3-8100ycore_i9-10900kfcore_i3-10105pentium_n4200q170xeon_gold_6148fb460xeon_gold_6132celeron_n3350exeon_platinum_8256xeon_gold_6152xeon_platinum_8158hm570ecore_i7-8550ucore_i5-10310yceleron_n3010atom_x6211exeon_gold_6222vpentium_j6426core_i5-10500hxeon_platinum_8176xeon_gold_6242core_i5-8260uceleron_n2808celeron_j4025pentium_j4205c422qm175core_i7-10810ub250xeon_gold_6142xeon_platinum_8260yxeon_platinum_8270celeron_j6413c256xeon_gold_6242rxeon_gold_6128xeon_silver_4215core_i7-8850hxeon_gold_5118xeon_gold_6130fcore_i7-10610ucore_i3-10100fw680core_i7-8500yceleron_n2920atom_x6413eb360core_i5-10600xeon_silver_4214xeon_platinum_8276xeon_gold_6238txeon_silver_4210rxeon_silver_4214ycore_i7\+8700core_i5-8210yceleron_n6211xeon_gold_5218bxeon_gold_6138pcore_i5-8365uecore_i7-8665uexeon_platinum_8176fceleron_n4000celeron_n2830celeron_j3455exeon_gold_6240rpentium_n4200ecore_i3-10320core_i9-10900tcore_i5-8200ycore_i3-10300tcore_i5-8310yceleron_n3450qm580eceleron_n5100pentium_n3710celeron_n4020core_i5-8500xeon_gold_6209uh610xeon_silver_4112qm370celeron_j6412xeon_w-3223xeon_gold_6226xeon_gold_6256celeron_n2810xeon_gold_5120txeon_gold_6230rxeon_w-3175xcore_i7-8569uxeon_gold_6252atom_x6200fexeon_gold_6134q250z490core_i5-8265ucore_i5-10500txeon_w-3235h610epentium_gold_5405uxeon_gold_5218rxeon_gold_6226rcore_i3-1005g1celeron_j4005xeon_bronze_3206rcore_i3-8100bcore_i3-10305tcore_i3-8350kxeon_gold_6148c232core_i5-8600tcore_i5-8305gxeon_gold_6144pentium_silver_j5040core_i7-1065g7xeon_platinum_8260lcm238core_i7-8559ucore_i9-10900texeon_platinum_8180z390c420core_i3-8130uh470xeon_gold_5220tIntel(R) CSME software installerintel_csme_software_installer
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-52712
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 06:22
Updated-17 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-curiem-wfg9b_firmwarecuriem-wfg9bCurieM-WFG9B
CWE ID-CWE-284
Improper Access Control
CVE-2023-52711
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 06:19
Updated-17 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-curiem-wfg9b_firmwarecuriem-wfg9bCurieM-WFG9Bcuriem-wfg9b
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-49694
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-29 Nov, 2023 | 22:47
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemNETGEAR ProSAFE Network Management System
CWE ID-CWE-284
Improper Access Control
CVE-2021-28129
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.82%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:50
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openofficeApache OpenOffice
CWE ID-CWE-284
Improper Access Control
CVE-2021-25412
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.04%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2022-27836
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-22682
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-23 Apr, 2021 | 17:10
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.

Action-Not Available
Vendor-hornerautomationn/a
Product-cscapeCscape
CWE ID-CWE-284
Improper Access Control
CVE-2023-45217
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.52%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Aug, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationMicrosoft Corporation
Product-windowspower_gadgetIntel(R) Power Gadget software for Windowspower_gadget_software
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-284
Improper Access Control
CVE-2019-10128
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.11%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 19:15
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupMicrosoft Corporation
Product-windowspostgresqlpostgresql
CWE ID-CWE-284
Improper Access Control
CVE-2023-44290
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.12%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:46
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-command\|monitorDell Command Monitor (DCM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-44282
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.04%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:16
Updated-29 Aug, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-44283
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.95%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 07:49
Updated-17 Oct, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCsSupportAssist for Business PCssupportassist_for_business_pcssupportassist_for_home_pcs
CWE ID-CWE-284
Improper Access Control
CVE-2023-43517
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-15 May, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Automotive Multimedia

Memory corruption in Automotive Multimedia due to improper access control in HAB.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresa8775p_firmwaresa8650p_firmwareqam8650pqca6698aqqca6595srv1h_firmwareqam8775pqamsrv1mqca6574ausrv1hsa8540p_firmwaresa8255p_firmwaresa8540pqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwareqam8775p_firmwaresa8255pqca6696_firmwareqca6595_firmwareqamsrv1hqca6696qam8295psa8650pqamsrv1h_firmwaresa9000pqam8295p_firmwaresa9000p_firmwaresa8775pqca6574au_firmwaresrv1msa8295p_firmwareqam8255psa8770psa8295pSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44292
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.04%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:22
Updated-14 Aug, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)repository_manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-43748
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.68%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzers_frameworkIntel(R) GPA Framework software installersgraphics_performance_analyzer
CWE ID-CWE-284
Improper Access Control
CVE-2021-1419
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.78%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Access Points SSH Management Privilege Escalation Vulnerability

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562iaironet_1830eaironet_1850ecatalyst_iw6300_dcwaironet_1840icatalyst_iw6300_ac1100-8pcatalyst_9105axwesw63001100-8p_firmwarecatalyst_iw6300_ac_firmwarecatalyst_9115axe_firmwarecatalyst_9130axecatalyst_9130axe_firmwareaironet_1830e_firmwareaironet_1562ecatalyst_9105axw_firmwarecatalyst_9117_firmwareaironet_2800i_firmwareaironet_2800icatalyst_9105axi_firmwareaironet_1542iaironet_3800pcatalyst_iw6300_dc_firmwareaironet_3800p_firmwarecatalyst_9124axicatalyst_iw6300_dccatalyst_9120axpcatalyst_9115axiwireless_lan_controller_softwareaironet_1815iaironet_1815waironet_4800catalyst_9117axicatalyst_9800_firmwarecatalyst_9800-laironet_4800_firmwareaironet_1850i_firmwarecatalyst_9124axi_firmwareaironet_1815m_firmwareaironet_1562d_firmwareaironet_1815t_firmwareaironet_3800icatalyst_9120axi_firmwareaironet_1562i_firmwarecatalyst_9800-clcatalyst_9120axp_firmwareaironet_2800ecatalyst_9130axi_firmwareaironet_3800ecatalyst_9120axe_firmware1160_integrated_services_routeraironet_1830i_firmwarecatalyst_9120axeaironet_1815taironet_3800i_firmwareaironet_3800e_firmwarecatalyst_9115axi_firmwarecatalyst_9800-80aironet_1815i_firmwareaironet_1830iaironet_1850e_firmwareesw6300_firmwarecatalyst_9130axiaironet_1542dcatalyst_9800-40aironet_1815w_firmware1160_firmwareaironet_1542i_firmwareaironet_1562dcatalyst_9124axdcatalyst_iw6300_dcw_firmwarecatalyst_9105axicatalyst_9120axiaironet_2800e_firmwarecatalyst_9115axeaironet_1850i11201120_firmwareaironet_1562e_firmwareaironet_1815mcatalyst_9124axd_firmwareaironet_1542d_firmwareaironet_1840i_firmwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-44289
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.12%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:41
Updated-05 Jun, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-43086
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.86%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:27
Updated-02 Aug, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-43072
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 8.22%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 17:47
Updated-19 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareDell SmartFabric Storage Software
CWE ID-CWE-284
Improper Access Control
CVE-2012-6689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.16%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-43079
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.93%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 11:52
Updated-27 Feb, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorDell OpenManage Server Administrator
CWE ID-CWE-284
Improper Access Control
CVE-2020-6971
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.43%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 20:02
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.

Action-Not Available
Vendor-emersonn/a
Product-valvelinkEmerson ValveLink
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-10138
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.88%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 13:40
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protectcyber_backupCyber BackupCyber Protect
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-665
Improper Initialization
CVE-2023-41772
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-21.28% / 95.47%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found