Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-2782

Summary
Assigner-Acronis
Assigner Org ID-73dc0fef-1c66-4a72-9d2d-0a0f4012c175
Published At-18 May, 2023 | 10:16
Updated At-22 Jan, 2025 | 16:08
Rejected At-
Credits

Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Acronis
Assigner Org ID:73dc0fef-1c66-4a72-9d2d-0a0f4012c175
Published At:18 May, 2023 | 10:16
Updated At:22 Jan, 2025 | 16:08
Rejected At:
â–¼CVE Numbering Authority (CNA)

Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.

Affected Products
Vendor
Acronis (Acronis International GmbH)Acronis
Product
Acronis Cyber Infrastructure
Platforms
  • ACI
Default Status
unaffected
Versions
Affected
  • From unspecified before 5.3.1-38 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285
Type: CWE
CWE ID: CWE-285
Description: CWE-285
Metrics
VersionBase scoreBase severityVector
3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security-advisory.acronis.com/advisories/SEC-3475
vendor-advisory
Hyperlink: https://security-advisory.acronis.com/advisories/SEC-3475
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security-advisory.acronis.com/advisories/SEC-3475
vendor-advisory
x_transferred
Hyperlink: https://security-advisory.acronis.com/advisories/SEC-3475
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@acronis.com
Published At:18 May, 2023 | 11:15
Updated At:25 May, 2023 | 16:23

Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Acronis (Acronis International GmbH)
acronis
>>cyber_infrastructure>>Versions before 5.3.1-38(exclusive)
cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE-285Secondarysecurity@acronis.com
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-285
Type: Secondary
Source: security@acronis.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security-advisory.acronis.com/advisories/SEC-3475security@acronis.com
Vendor Advisory
Hyperlink: https://security-advisory.acronis.com/advisories/SEC-3475
Source: security@acronis.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

75Records found
CVE-2026-28725
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.05%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 23:56
Updated-13 Mar, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowscyber_protectAcronis Cyber Protect 17
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-48680
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.17% / 37.68%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 16:51
Updated-06 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAcronis (Acronis International GmbH)
Product-macoswindowscyber_protectAcronis Cyber Protect 16
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-45240
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:57
Updated-20 Sep, 2024 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-44159
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.26%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 12:02
Updated-23 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-41745
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 17:16
Updated-27 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-cyber_protectlinux_kernelwindowsmacosagentAcronis AgentAcronis Cyber Protect 15
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-41751
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.95%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 20:18
Updated-01 Oct, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsagentAcronis Agentagent
CWE ID-CWE-287
Improper Authentication
CVE-2023-41750
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.10% / 28.10%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 20:18
Updated-26 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-5042
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 28.83%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 11:03
Updated-10 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Microsoft Corporation
Product-cyber_protect_home_officewindowsAcronis Cyber Protect Home OfficeAcronis True Image OEM
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-49385
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.39%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 14:14
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-Acronis True Image OEMAcronis True Image
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-34018
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 19:15
Updated-12 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-snap_deployAcronis Snap Deploy
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-44746
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-2.2||LOW
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 19:01
Updated-30 Apr, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-44745
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-4||MEDIUM
EPSS-0.07% / 20.25%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 19:00
Updated-01 May, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-48678
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 16:45
Updated-06 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Microsoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelcyber_protectAcronis Cyber Protect 16cyber_protect
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-44214
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:57
Updated-20 Sep, 2024 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-45242
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.31%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:57
Updated-06 Mar, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Microsoft CorporationApple Inc.
Product-macosagentwindowslinux_kernelAcronis Cyber Protect 17Acronis Cyber Protect Cloud Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-45245
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.07% / 20.69%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 09:53
Updated-19 Sep, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-45243
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:57
Updated-06 Mar, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Microsoft CorporationApple Inc.
Product-macosagentwindowslinux_kernelAcronis Cyber Protect 17Acronis Cyber Protect Cloud Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-45241
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.19%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:57
Updated-20 Sep, 2024 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Cyber Protect Cloud AgentAcronis Cyber Protect 16
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-44210
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 19:53
Updated-06 Mar, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29258, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Microsoft CorporationApple Inc.
Product-macosagentwindowslinux_kernelAcronis Cyber Protect 17Acronis Cyber Protect Cloud Agentagent
CWE ID-CWE-862
Missing Authorization
CVE-2023-44213
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.07% / 21.42%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:56
Updated-10 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsagentAcronis Cyber Protect Cloud AgentAcronis Cyber Protect 16
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-4688
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 9.43%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 20:26
Updated-26 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-28724
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.22%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 23:55
Updated-13 Mar, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowscyber_protectAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28719
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.91%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 23:54
Updated-13 Mar, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowscyber_protectAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28709
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.68%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 23:48
Updated-12 Mar, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Microsoft Corporation
Product-windowscyber_protectlinux_kernelAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28726
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.22%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 23:57
Updated-13 Mar, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowscyber_protectAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28720
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.91%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 23:54
Updated-13 Mar, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowscyber_protectAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28723
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.91%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 23:55
Updated-13 Mar, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowscyber_protectAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28716
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.59%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 23:52
Updated-12 Mar, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Microsoft Corporation
Product-windowscyber_protectlinux_kernelAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28715
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 23:52
Updated-12 Mar, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Microsoft Corporation
Product-windowscyber_protectlinux_kernelAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-44204
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.53%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation via named pipe due to improper access control checks

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officewindowstrue_imageagentAcronis Cyber Protect 15Acronis AgentAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-285
Improper Authorization
CVE-2022-45450
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.97%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 09:27
Updated-22 Jan, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-cyber_protectlinux_kernelwindowsmacosagentAcronis Cyber Protect 15Acronis Agent
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-42006
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 16:58
Updated-02 Aug, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i information disclosure

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28881
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.67%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2022-28774
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.80%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:55
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.

Action-Not Available
Vendor-SAP SE
Product-host_agentSAP Host Agent
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-28542
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 16.73%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-38368
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:25
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager Docker
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-30705
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 16.73%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-08 Oct, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-29819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG+0.03%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.

Action-Not Available
Vendor-webrootn/a
Product-secureanywheren/a
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-20666
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2023-26818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.65% / 89.41%
||
7 Day CHG~0.00%
Published-19 May, 2023 | 00:00
Updated-21 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.

Action-Not Available
Vendor-telegramn/a
Product-telegramn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-26949
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.17%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 17:04
Updated-05 Mar, 2026 | 22:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-device_management_agentDevice Management Agent (DDMA)
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-0359
Matching Score-4
Assigner-Axis Communications AB
ShareView Details
Matching Score-4
Assigner-Axis Communications AB
CVSS Score-8.5||HIGH
EPSS-0.11% / 29.39%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 05:21
Updated-22 Jan, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Action-Not Available
Vendor-axisAxis Communications AB
Product-axis_os_2024axis_osAXIS OS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-8270
Matching Score-4
Assigner-Pentraze Cybersecurity
ShareView Details
Matching Score-4
Assigner-Pentraze Cybersecurity
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.00%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 23:22
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
macOS Rocket.Chat: TCC Policy Bypass via Dylib Injection Due to Missing Code Signing Flags and Dangerous Entitlements

The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile.

Action-Not Available
Vendor-Rocket.Chat
Product-Rocket.Chat Desktop
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21311
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-31829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 15:43
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-51525
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.08% / 22.88%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 09:19
Updated-18 Sep, 2025 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-285
Improper Authorization
CVE-2017-8252
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9635m_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439qc_215_firmwaresd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sm7150_firmwaresd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresm7150sd_410sd_820a_firmwareqcs605_firmwaresd_675_firmwareipq4019_firmwaremdm9206sd_652sd_425_firmwaresdx24_firmwaresd_625_firmwareipq8074sd_450mdm9635msd_8cx_firmwaremdm9615sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwareqc_215sd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwareqca8081_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sd_412sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwaresdm630sd_625ipq8074_firmwaresd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwareqca8081mdm9150sd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_412_firmwaresd_712_firmwaresd_855_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_430ipq4019sd_427sd_670sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_410_firmwaresd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-285
Improper Authorization
CVE-2021-25499
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.07%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:11
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-285
Improper Authorization
CVE-2018-9867
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOSvSonicOS
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-25355
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.76%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:13
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • Next
Details not found