Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-51429

Summary
Assigner-Honor
Assigner Org ID-3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At-29 Dec, 2023 | 03:36
Updated At-09 Sep, 2024 | 17:42
Rejected At-
Credits

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Honor
Assigner Org ID:3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At:29 Dec, 2023 | 03:36
Updated At:09 Sep, 2024 | 17:42
Rejected At:
▼CVE Numbering Authority (CNA)

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Affected Products
Vendor
Honor Device Co., Ltd.Honor
Product
Magic OS
Default Status
unaffected
Versions
Affected
  • From 7.0 before 7.0.0.156 (custom)
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hihonor.com/global/security/cve-2023-51429/
N/A
Hyperlink: https://www.hihonor.com/global/security/cve-2023-51429/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hihonor.com/global/security/cve-2023-51429/
x_transferred
Hyperlink: https://www.hihonor.com/global/security/cve-2023-51429/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At:29 Dec, 2023 | 04:15
Updated At:09 Sep, 2024 | 18:35

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CPE Matches
Honor Device Co., Ltd.
hihonor
>>magic_os>>Versions before 7.0.0.156(exclusive)
cpe:2.3:o:hihonor:magic_os:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.hihonor.com/global/security/cve-2023-51429/3836d913-7555-4dd0-a509-f5667fdf5fe4
Vendor Advisory
Hyperlink: https://www.hihonor.com/global/security/cve-2023-51429/
Source: 3836d913-7555-4dd0-a509-f5667fdf5fe4
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

62Records found
CVE-2023-51430
Matching Score-10
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-10
Assigner-Honor Device Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 19.76%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:39
Updated-27 Nov, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51433
Matching Score-10
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-10
Assigner-Honor Device Co., Ltd.
CVSS Score-2.9||LOW
EPSS-0.12% / 30.79%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:47
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-23441
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6||MEDIUM
EPSS-0.04% / 13.15%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:11
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23426
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 18.39%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:54
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-fri-an00_firmwarefri-an00FRI-AN00
CVE-2023-23439
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.04% / 14.05%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-lge-an00lge-an00_firmwareLGE-AN00
CVE-2023-23437
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:15
Updated-29 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-vmallcom.hihonor.vmall
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-23434
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.79%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:05
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-honorboardappHonorBoardApp
CVE-2024-47154
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:39
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8994
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.14% / 33.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:13
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8992
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.20% / 41.47%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:28
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8993
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.18% / 38.90%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:18
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47153
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.14% / 33.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:31
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47156
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.13% / 32.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:02
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Leak Vulnerability in Honor Product

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagicOS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47150
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.10% / 27.24%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 12:16
Updated-05 Jun, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47155
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 38.90%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:47
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-23440
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.15% / 35.67%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:47
Updated-09 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-lge-an00lge-an00_firmwareLGE-AN00
CVE-2023-51432
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.2||LOW
EPSS-0.08% / 23.11%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:45
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23430
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:09
Updated-17 Apr, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magichomecom.hihonor.magichome
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-23427
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.06% / 20.00%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:58
Updated-27 Jan, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-23438
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:19
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-lge-an00lge-an00_firmwareLGE-AN00
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-23429
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.09% / 25.19%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:06
Updated-27 Jan, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-31368
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.52%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 06:40
Updated-10 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Bypass in AiAssistant

AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-AIAssistant
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-31369
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-3.2||LOW
EPSS-0.02% / 5.52%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 06:26
Updated-05 May, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Bypass in PcManager

PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-PcManager
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-57840
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-2.2||LOW
EPSS-0.01% / 2.20%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 06:55
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Bypass in ADB

ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-Magic OS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-23428
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:02
Updated-27 Jan, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51435
Matching Score-6
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Honor Device Co., Ltd.
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.67%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:51
Updated-17 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-35671
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.29%
||
7 Day CHG-0.01%
Published-11 Sep, 2023 | 20:09
Updated-26 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-29819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.90%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.

Action-Not Available
Vendor-webrootn/a
Product-secureanywheren/a
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-14590
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.20%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 19:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-graphics_drivercloud_backupsteelstore_cloud_integrated_storagesolidfire_baseboard_management_controller_firmwaresolidfire_baseboard_management_controllerdata_availability_services2019.2 IPU – Intel(R) Graphics Driver for Windows* and Linux
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21376
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.66%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25502
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.9||HIGH
EPSS-0.01% / 1.18%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 02:03
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-48828
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.71%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 17:10
Updated-14 Jul, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-44119
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.58%
||
7 Day CHG~0.00%
Published-08 Jun, 2026 | 15:17
Updated-11 Jun, 2026 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-34218
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.48%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 15:13
Updated-06 Apr, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14.

Action-Not Available
Vendor-craigjbasscraigjbass
Product-clearancekitclearancekit
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-44147
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.7||HIGH
EPSS-0.06% / 19.55%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOSios_and_ipados
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-32212
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.72%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:57
Updated-01 Jun, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_10_1607windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_server_2016windows_11_23h2windows_server_2012Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 11 version 26H1Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-29122
Matching Score-4
Assigner-Gridware Cybersecurity
ShareView Details
Matching Score-4
Assigner-Gridware Cybersecurity
CVSS Score-8.3||HIGH
EPSS-0.02% / 5.84%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 00:53
Updated-11 Mar, 2026 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files.

Action-Not Available
Vendor-datacastInternational Datacasting Corporation
Product-sfx2100_firmwaresfx2100SFX2100 Satellite Receiver
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-28548
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 08:28
Updated-05 Mar, 2026 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-37929
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.59%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 15:37
Updated-02 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-hf20chf60_firmwaresf100sf100_firmwarehf40_firmwarehf20_firmwarehf60c_firmwaresf300hf40c_firmwarehf20c_firmwarehf40hf20hhf20sf300_firmwarehf60hf40chf60chf20h_firmwareHPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-21963
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.39%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-29 Jan, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxOracle VM VirtualBox
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-36500
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 07:19
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-36499
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 17.41%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 07:17
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-62592
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.02% / 5.98%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 20:03
Updated-23 Oct, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxOracle VM VirtualBox
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-53030
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxOracle VM VirtualBox
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-0256
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.60%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: mosquitto Local Privilege Escalation vulnerability in SUID binaries

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1258
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 14.10%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:17
Updated-12 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.McAfee, LLCMicrosoft Corporation
Product-agent_epolicy_orchestrator_extensionwindowsanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-53025
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxOracle VM VirtualBox
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-8092
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-1.6||LOW
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 16:00
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in Bitdefender AV for Mac

A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.

Action-Not Available
Vendor-Bitdefender
Product-antivirusBitdefender Antivirus for Mac
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3812
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 14.07%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 13:04
Updated-16 Sep, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.

Action-Not Available
Vendor-netqmailCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxnetqmaildebian_linuxnetqmail
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-6326
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-1.8||LOW
EPSS-0.01% / 1.04%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 16:51
Updated-23 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_policy_managerfactorytalk_system_servicesFactoryTalk® Policy Manager (FTPM)FactoryTalk® System Services (installed via FTPM)
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • Next
Details not found