Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-25185

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Jun, 2023 | 00:00
Updated At-12 Dec, 2024 | 21:41
Rejected At-
Credits

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Jun, 2023 | 00:00
Updated At:12 Dec, 2024 | 21:41
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.13.8LOW
CVSS:3.1/AC:H/AV:L/A:L/C:L/I:L/PR:H/S:U/UI:R
Version: 3.1
Base score: 3.8
Base severity: LOW
Vector:
CVSS:3.1/AC:H/AV:L/A:L/C:L/I:L/PR:H/S:U/UI:R
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://Nokia.com
N/A
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/
N/A
Hyperlink: https://Nokia.com
Resource: N/A
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://Nokia.com
x_transferred
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/
x_transferred
Hyperlink: https://Nokia.com
Resource:
x_transferred
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863 Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863 Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Jun, 2023 | 19:15
Updated At:12 Dec, 2024 | 22:15

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.8LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 3.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Nokia Corporation
nokia
>>asika_airscale_firmware>>19b
cpe:2.3:o:nokia:asika_airscale_firmware:19b:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>asika_airscale_firmware>>20a
cpe:2.3:o:nokia:asika_airscale_firmware:20a:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>asika_airscale_firmware>>20b
cpe:2.3:o:nokia:asika_airscale_firmware:20b:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>asika_airscale_firmware>>20c
cpe:2.3:o:nokia:asika_airscale_firmware:20c:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>asika_airscale_firmware>>21a
cpe:2.3:o:nokia:asika_airscale_firmware:21a:*:*:*:*:*:*:*
Nokia Corporation
nokia
>>asika_airscale>>-
cpe:2.3:h:nokia:asika_airscale:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-863Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://Nokia.comcve@mitre.org
Product
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/cve@mitre.org
Vendor Advisory
https://Nokia.comaf854a3a-2127-422b-91ae-364da2661108
Product
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://Nokia.com
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://Nokia.com
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

774Records found
CVE-2024-32906
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-08 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-21046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.76%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:11
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.

Action-Not Available
Vendor-softonicn/a
Product-eaglegetn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-25011
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges.

Action-Not Available
Vendor-NEC Corporation
Product-pc_settings_toolPC settings tool
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-24509
Matching Score-4
Assigner-Arista Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Arista Networks, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.05% / 16.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ...

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.

Action-Not Available
Vendor-Arista Networks, Inc.
Product-7504r3755x7304x37308x7316x7812r3758x7512r7512r37508r37808r37304x7504r7516r7804r37816r3704x37328x7508r7324xeosArista EOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-25144
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.03%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 22:19
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsapex_oneTrend Micro Apex One
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-24483
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.00%
||
7 Day CHG-0.06%
Published-16 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA

A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft Corporation
Product-virtual_apps_and_desktopswindowsCitrix Virtual Apps and Desktops
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-24491
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.06%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 21:13
Updated-07 Nov, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft Corporation
Product-windowssecure_access_clientCitrix Secure Access client for Windowssecure_access_client
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-24485
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.26%
||
7 Day CHG-0.04%
Published-16 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-workspaceCitrix Workspace App for Windows
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-23696
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.08% / 24.10%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 09:49
Updated-25 Mar, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command Intel vPro Out of Band (DCIV)
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-3745
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.56%
||
7 Day CHG-0.00%
Published-18 May, 2024 | 12:34
Updated-01 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass

MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.

Action-Not Available
Vendor-MSImsi
Product-MSI Afterburnerafterburner
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-32849
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.99%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:17
Updated-30 Jul, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-maximum_security_2022windowsmaximum_security_2023Trend Micro Maximum Security (Consumer)maximum_security
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-23412
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Accounts Picture Elevation of Privilege Vulnerability

Windows Accounts Picture Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_10_22h2windows_10_20h2windows_server_2022windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-20713
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.78%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 03:20
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed.

Action-Not Available
Vendor-QualitySoft Corporation
Product-qndQND Advance/Premium/Standard
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21730
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.24%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21773
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 67.04%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21774
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 67.04%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-22023
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.21%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 20:18
Updated-13 Sep, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-22593
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.03% / 4.94%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 18:00
Updated-06 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation for Cloud Pak security configuration

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftrobotic_process_automationRobotic Process Automation for Cloud Pak
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21772
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 67.04%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-2257
Matching Score-4
Assigner-Devolutions Inc.
ShareView Details
Matching Score-4
Assigner-Devolutions Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 2.15%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 18:48
Updated-04 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationDevolutions
Product-macoswindowsworkspaceWorkspace Desktop
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-22576
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.02% / 2.90%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 09:44
Updated-23 Aug, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)repository_manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31334
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.10%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidpowervr-gpu
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20871
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.69%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

Action-Not Available
Vendor-n/aApple Inc.VMware (Broadcom Inc.)
Product-fusionmac_os_xVMware Fusion
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21035
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184847040

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21551
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.26%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21068
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.65%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21561
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.75%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21396
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20995
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-16902
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21113
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.71%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-13 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21254
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.48%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:32
Updated-05 Nov, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-1654
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.84%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20950
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.12%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21272
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.74%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 21:01
Updated-09 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21117
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-31 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-20975
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21670
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.57%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-07 Jan, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access control in GPU Subsystem

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresm7325-ae_firmwaresa6150p_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qam8775psnapdragon_212_mobile_platformwcn3950_firmwaresa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155qca6335sm8350sdm670csra6620_firmwareqcs605_firmwarecsra6640_firmwarewcn685x-1qcs400_firmwaresm7350-ab_firmwaresda845_firmwaresnapdragonwear_4100\+_platformsm4375wcn3998qam8295pwcn3950qcn6024_firmwaresm4125wcn3660bsm7150-acqsm8350_firmwareqsm8350sm7315_firmwaresm7325-aesnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420sda845snapdragon_auto_5g_modem-rf_firmwaresm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsa4155p_firmwaresa8155_firmwaresnapdragon_7c\+_gen3_computesm7250-ab_firmwareqca6430wcd9340sw5100qca6436sa6155pqca6698aq_firmwaresnapdragon_690_5g_mobile_platformmsm8905wcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255psnapdragon_ar2_gen1_platform_firmwareqca6696_firmwaresnapdragon_x12_lte_modemqca6797aqwcn3910_firmwaresm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresm7225_firmwarewcn3988sd660_firmwaresm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresm6125_firmwaresa8295p_firmwarewcn3610snapdragon_675_mobile_platform_firmwarec-v2x9150wcn3991qca8337_firmwarewcd9380_firmwaressg2125psdm429wsw5100psdm429sd670_firmwareqca6574wcd9380qcs410snapdragon_210_processorsm7150-aa_firmwaresxr1230pqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcm4325_firmwareqcs605wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910sdm429_firmwareqcs8250qca6426_firmwaresm4450wcn3660b_firmwarewcn3680qcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasa8295psm8475_firmwarewcn6740_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemar8031_firmwarewcn3680_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresnapdragon_xr2\+_gen1_platformsdm660qca6797aq_firmwarewcn785x-1_firmwaresdm710sd670qcn9024_firmwareqcm4290_firmwaresnapdragon_x24_lte_modemwsa8832sw5100p_firmwareqcs610_firmwaresa6145par8031qcs4490qca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwarewcd9370_firmwareqm215_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psnapdragon_695_5g_mobile_platformssg2115p_firmwareqcs8155_firmwareqam8255psa4155par8035_firmwareqcm2290sdm845_firmwarewcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresa8145p_firmwaresm6125snapdragon_x24_lte_modem_firmwareqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwareqca6390_firmwaresd730_firmwarewcd9370ssg2115pqca6426wcn3990_firmwareqrb5165n_firmwaresm8450qca9377sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresnapdragon_w5\+_gen1_wearable_platformqam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemmsm8905_firmwarewcn3680b_firmwaresdx55_firmwaresnapdragon_7c\+_gen3_compute_firmwaresnapdragon_212_mobile_platform_firmwarewcn3615qca6595ausm7325-af_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwaresm4350-acqrb5165nsnapdragon_680_4g_mobile_platform_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwareqcs8155qcs6490qcs8550_firmwaresm8250_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqcn9074sa6145p_firmwareqm215sm6250sm7250-aasnapdragon_xr2\+_gen1_platform_firmwaresa8195psxr1120sdm710_firmwarewsa8810_firmwaresm4375_firmwaresm8450_firmwarewcd9326wcd9335sa8255p_firmwaresg4150pqca8081qcm4490qca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwaresm7150-abqca6390wcd9375ar8035aqt1000snapdragon_210_processor_firmwaresm6250_firmwaresnapdragon_662_mobile_platformwcn3620_firmwaresm8150wsa8815_firmwareqcm6490wsa8835_firmwarewcn3620sm7350-absxr1120_firmwaresa4150psg4150p_firmwarewcn785x-1qcm4325qcm2290_firmwarewcn3990sdm845sd865_5gsnapdragon_ar2_gen1_platformqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresdm429w_firmwarec-v2x9150_firmwaresnapdragon_auto_5g_modem-rfsm6250psxr2130ssg2125p_firmwareqca6574awcn685x-5_firmwareqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresm7250-abqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391aqt1000_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_w5\+_gen1_wearable_platform_firmwareqcm4290qcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformwcn685x-5qcn9011qca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwarewsa8810sm7250-aa_firmwaresm7250-acsnapdragon_680_4g_mobile_platformsm8150-ac_firmwarewcn3680bsm8350-acqam8650p_firmwaresnapdragon_675_mobile_platformwcn6740qca6696qcs8550snapdragonwear_4100\+_platform_firmwaresm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150pqcn6024sm7250psw5100_firmwareqcn9074_firmwareqcs410_firmwareqcs400sdm660_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21374
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21390
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.34%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-05 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21343
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.66%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31325
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21421
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 9.53%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21245
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:26
Updated-06 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21034
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.13%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21397
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.85%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20971
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.61%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21270
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 18:00
Updated-18 Dec, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndrioidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21552
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.49% / 80.26%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20565
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.26%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:54
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_pro_7940hs_firmwareryzen_5_6600h_firmwareryzen_9_pro_7940h_firmwareryzen_7_7800x3d_firmwareryzen_5_pro_7640hs_firmwareryzen_7_7735hs_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxryzen_7_pro_7730uryzen_7_5800hsryzen_3_pro_7330uryzen_5_5500hryzen_5_5600hsryzen_3_5300geryzen_7_5825uryzen_7_5825u_firmwareryzen_5_6600hryzen_9_6980hxryzen_5_5560uryzen_9_7950xryzen_5_pro_7640uryzen_pro_7745ryzen_9_7900xryzen_7_7700xryzen_5_6600hsryzen_9_5900hsryzen_5_pro_7545u_firmwareryzen_7_7700x_firmwareryzen_7_5700gryzen_9_5980hsryzen_3_pro_7440u_firmwareryzen_3_5125c_firmwareryzen_9_6900hxryzen_5_7600ryzen_7_5800h_firmwareryzen_pro_7745_firmwareryzen_9_6900hsryzen_pro_7945_firmwareryzen_pro_7945ryzen_5_5500ryzen_7_pro_7840u_firmwareryzen_3_5400uryzen_pro_3900_firmwareryzen_7_7700_firmwareryzen_9_5980hs_firmwareryzen_7_7735uryzen_3_5300gryzen_5_7600x_firmwareryzen_7_6800h_firmwareryzen_7_6800u_firmwareryzen_5_5600ge_firmwareryzen_5_pro_7530uryzen_5_5600hs_firmwareryzen_5_5600h_firmwareryzen_7_pro_7840h_firmwareryzen_7_5700ryzen_9_6900hs_firmwareryzen_3_5400u_firmwareryzen_5_pro_7640u_firmwareryzen_7_6800hs_firmwareryzen_7_pro_7840uryzen_5_7535uryzen_7_7800x3dryzen_9_7900x3d_firmwareryzen_5_5500_firmwareryzen_5_pro_7640hsryzen_5_pro_7640h_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_7535u_firmwareryzen_5_pro_7640hryzen_7_6800uryzen_7_7736uryzen_5_5600gryzen_3_5425u_firmwareryzen_7_7735hsryzen_9_7900x3dryzen_5_5600uryzen_9_pro_7940hryzen_5_pro_7540u_firmwareryzen_pro_7645_firmwareryzen_9_5900hx_firmwareryzen_pro_3900ryzen_5_5600geryzen_9_7900_firmwareryzen_5_7600xryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_9_6980hs_firmwareryzen_7_5700geryzen_3_pro_7440uryzen_7_pro_7840hryzen_3_5125cryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_pro_7645ryzen_5_6600u_firmwareryzen_3_7335uryzen_7_5700g_firmwareryzen_5_7535hs_firmwareryzen_7_5700_firmwareryzen_5_7600_firmwareryzen_7_pro_7840hs_firmwareryzen_7_pro_7840hsryzen_5_7500f_firmwareryzen_5_7535hsryzen_3_5300g_firmwareryzen_5_7500fryzen_7_5800u_firmwareryzen_9_pro_7940hsryzen_7_7736u_firmwareryzen_5_6600hs_firmwareryzen_3_pro_7330u_firmwareryzen_3_5425uryzen_5_pro_7540uryzen_5_5560u_firmwareryzen_3_5100_firmwareryzen_9_5980hx_firmwareryzen_7_5800uryzen_9_5900hxryzen_9_7950x3d_firmwareryzen_5_5600g_firmwareryzen_9_7950x3dryzen_7_7700ryzen_5_5500h_firmwareryzen_5_pro_7545uryzen_3_5100ryzen_7_5800hryzen_7_pro_7730u_firmwareryzen_9_7900ryzen_9_7950x_firmwareryzen_5_pro_7530u_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700ge_firmwareryzen_9_6980hsryzen_7_6800hryzen_9_7900x_firmwareAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD Ryzen™ Embedded V3000Ryzen™ 7000 Series Desktop Processors “Raphael” XD3AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R” Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found