Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-6740

Summary
Assigner-Checkmk
Assigner Org ID-f7d6281c-4801-44ce-ace2-493291dedb0f
Published At-12 Jan, 2024 | 07:50
Updated At-03 Jun, 2025 | 14:05
Rejected At-
Credits

Privilege escalation in jar_signature

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Checkmk
Assigner Org ID:f7d6281c-4801-44ce-ace2-493291dedb0f
Published At:12 Jan, 2024 | 07:50
Updated At:03 Jun, 2025 | 14:05
Rejected At:
▼CVE Numbering Authority (CNA)
Privilege escalation in jar_signature

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

Affected Products
Vendor
Checkmk GmbHCheckmk GmbH
Product
Checkmk
Default Status
unaffected
Versions
Affected
  • From 2.2.0 before 2.2.0p18 (semver)
  • From 2.1.0 before 2.1.0p38 (semver)
  • From 2.0.0 through 2.0.0p39 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://checkmk.com/werk/16163
N/A
Hyperlink: https://checkmk.com/werk/16163
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://checkmk.com/werk/16163
x_transferred
Hyperlink: https://checkmk.com/werk/16163
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@checkmk.com
Published At:12 Jan, 2024 | 08:15
Updated At:23 Jul, 2024 | 19:37

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p2:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p20:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p21:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p22:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p23:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p24:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p25:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p26:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p27:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p28:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p29:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p3:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p30:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p31:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p32:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p33:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p34:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p35:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p36:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p37:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p38:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p4:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p5:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p6:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p7:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p8:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.0.0
cpe:2.3:a:checkmk:checkmk:2.0.0:p9:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.1.0
cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.1.0
cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*
Checkmk GmbH
checkmk
>>checkmk>>2.1.0
cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-427Secondarysecurity@checkmk.com
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-427
Type: Secondary
Source: security@checkmk.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://checkmk.com/werk/16163security@checkmk.com
Patch
Vendor Advisory
Hyperlink: https://checkmk.com/werk/16163
Source: security@checkmk.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

946Records found
CVE-2021-36968
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Elevation of Privilege Vulnerability

Windows DNS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows 7Windows 7 Service Pack 1
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36954
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bind Filter Driver Elevation of Privilege Vulnerability

Windows Bind Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36927
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability

Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_8.1windows_rt_8.1windows_7windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-40657
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.74%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:09
Updated-17 Dec, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37941
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:15
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option

Action-Not Available
Vendor-Elasticsearch BV
Product-apm_agentAPM Java Agent
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-40662
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.35%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:09
Updated-17 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-4132
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lock_screenLock Screenlock_screen
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-37345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.11%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 11:32
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-40781
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.44%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-10 Dec, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-40460
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.83%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:00
Updated-30 May, 2025 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE

Action-Not Available
Vendor-ocucon/a
Product-innovationn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-40658
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.35%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:09
Updated-17 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-40802
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.78%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-10 Dec, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-4018
Matching Score-4
Assigner-BeyondTrust Inc.
ShareView Details
Matching Score-4
Assigner-BeyondTrust Inc.
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 20:29
Updated-01 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.

Action-Not Available
Vendor-BeyondTrust Corporation
Product-U-Series Applianceu-series_appliance
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-40458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.49%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:00
Updated-30 May, 2025 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.

Action-Not Available
Vendor-ocucon/a
Product-innovationn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-40462
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.83%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:00
Updated-30 May, 2025 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component

Action-Not Available
Vendor-ocucon/a
Product-innovationn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-35448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.17%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 19:43
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.

Action-Not Available
Vendor-remotemousen/aMicrosoft Corporation
Product-windowsemote_interactive_studion/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-2312
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:47
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

Action-Not Available
Vendor-JBoss AS 7Red Hat, Inc.
Product-jboss_enterprise_application_platformjboss_application_serverJBoss
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-38830
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.69%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 11:49
Updated-14 May, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation vulnerability

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-cloud_foundationaria_operationsVMware Aria Operationsaria_operations
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3550
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-36753
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.59%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 19:07
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sharkdp BAT before 0.18.2 executes less.exe from the current working directory.

Action-Not Available
Vendor-bat_projectn/a
Product-batn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2012-1615
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.38%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:46
Updated-06 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

Action-Not Available
Vendor-sectoolFedora Project
Product-fedorasectoolsectool
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-38668
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationMicrosoft Corporation
Product-quartus_primewindowsIntel(R) Quartus(R) Prime Standard Edition software for Windowsquartus_prime_standard_edition_design_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3439
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.08%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:39
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)288_pro_g4_microtower_\(rom_family_ssid_843c\)proone_600_g4_21.5-inch_touch_all-in-one_business_pc290_g2_small_form_factor_\(rom_family_ssid_8768\)_firmwareelitebook_x360_1040_g7_firmwareelite_slice_g2_with_microsoft_teams_roomszbook_15_g4probook_450_g3prodesk_600_g5_small_form_factor_pczhan_66_pro_15_g2_firmwareproone_490_g3_\(rom_family_ssid_81b7\)zhan_86_pro_g1_microtower_pcelitedesk_800_g2_tower_pceliteone_1000_g1_23.8-in_touch_all-in-one_business_pcprobook_430_g7elitedesk_800_35w_g4_desktop_mini_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmwarez4_g4_workstation_\(core-x\)_firmwareelitebook_x360_1030_g7_firmwaredesktop_pro_g1_microtower_\(rom_family_ssid_843c\)_firmwareelitebook_840_g3elitebook_x360_1030_g4_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)zhan_66_pro_13_g2elitebook_folio_g1_firmwareeliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmwareprobook_430_g8probook_440_g8probook_x360_11_g4_education_edition_firmwarezbook_17_g6zbook_firefly_15_g7engage_flex_pro_retail_systemzbook_17_g3256_g4_firmwareelite_sliceproone_440_g3_\(rom_family_ssid_81b7\)z2_small_form_factor_g5240_g6probook_640_g3prodesk_400_g6_small_form_factor_pcelitedesk_800_g6_tower_pc200_g3_all-in-one_\(rom_family_ssid_8431\)prodesk_600_g5_desktop_mini_pc340s_g7_firmwareelitedesk_800_g4_tower_pcelitebook_1040_g3240_g4z2_mini_g5_firmwaredesktop_pro_g2_microtower_pc_firmwareprobook_640_g4_firmwarezbook_studio_g7_firmwaremt31_thin_client_firmwareprodesk_600_g2_microtower_pc290_g4_microtower_\(rom_family_ssid_8948\)_firmwareprobook_440_g3prodesk_600_g3_desktop_mini_pc_firmwarez240_tower_firmwaredesktop_pro_g3406_microtower_pc_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc_firmwareelite_x2_1012_g1218_pro_g5_microtower_pcspectre_pro_13_g1_firmwareelite_x2_1012_g1_tabletmt31_thin_clientzbook_studio_x360_g5_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware260_g3_desktop_mini_pcprobook_450_g8_firmwareprobook_650_g7probook_430_g3280_pro_g3_microtower_pcelitedesk_880_g2_tower_pc_firmwareprodesk_400_g3_desktop_mini_pc_firmwareelitedesk_800_35w_g2_desktop_mini_pc_firmwaremp9_g2_retail_system_firmware340_g3elite_slice_g2_with_zoom_rooms_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)z2_mini_g3290_g2_small_form_factor_\(rom_family_ssid_86e9\)stream_11_pro_g4z2_tower_g4_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_800_g2_tower_pc_firmwareengage_flex_pro_retail_system_firmware346_g3_firmwareprodesk_400_g3_desktop_mini_pcengage_flex_pro-c_retail_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pc_firmwarezbook_15v_g5_mobile_workstationelitedesk_800_g4_small_form_factor_pceliteone_800_g5_23.8-in_healthcare_edition_all-in-oneprobook_x360_11_g6_education_edition_firmwareprodesk_480_g4_microtower_pcelite_dragonfly_g2engage_one_pro_aio_system_firmwarezbook_14u_g5probook_430_g4prodesk_480_g7_pci_microtower_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)engage_gomobile_systemprobook_430_g7_firmwarezbook_14u_g4246_g6_firmware280_pro_g3_microtower_pc_firmwareeliteone_800_g2_23-inch_touch_all-in-one_pc280_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarez1_entry_tower_g5280_g3_small_form_factor_\(rom_family_ssid_843f\)_firmware290_g4_microtower_\(rom_family_ssid_877e\)probook_x360_11_g5_education_edition_firmwaredesktop_pro_g2_microtower_pcprodesk_480_g6_microtower_pc_firmwarez640_workstation_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc250_g5z2_tower_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc258_g6_firmwareelitedesk_800_g5_tower_pcprodesk_400_g4_desktop_mini_pc_firmware256_g4desktop_pro_g3_firmwareprodesk_600_g6_small_form_factor_pc_firmwareelitebook_x360_1040_g6elitedesk_800_g6_desktop_mini_pc_firmwarez240_small_form_factorelite_dragonflyzhan_x_13_g2348_g5zhan_66_pro_14_g3eliteone_800_g6_24_all-in-one_pc260_g4_desktop_mini_pc_firmwareprodesk_680_g4_microtower_pc_\(with_pci_slot\)zbook_15u_g6zcentral_4rprobook_630_g8zbook_15_g3_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)_firmware200_g3_all-in-one_\(rom_family_ssid_8431\)_firmwaremt22_thin_client_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc280_g3_small_form_factor_\(rom_family_ssid_843f\)probook_450_g4engage_one_all-in-one_systemprobook_630_g8_firmwareelitebook_1030_g1_firmwareengage_one_pro_aio_systemeliteone_800_g3_23.8-inch_touch_all-in-one_pcengage_gomobile_system_firmwaremt21_thin_client_firmwareprobook_446_g3256_g5zhan_66_pro_g1_r_microtower_pc_firmwareprodesk_600_g4_small_form_factor_pcspectre_pro_x360_g2256_g5_firmwareprobook_640_g8_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)_firmware340_g5_firmwareprodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pc290_g2_small_form_factor_\(rom_family_ssid_86e9\)_firmwarestream_11_pro_g5elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms240_g7_firmwareelitebook_840_g3_firmware240_g4_firmware246_g4probook_430_g5_firmware346_g4290_g1_small_form_factor_\(rom_family_ssid_843f\)_firmwareelite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwarez240_small_form_factor_firmwareelite_slice_firmwarezbook_power_g7_firmwarezhan_66_pro_15_g3290_g3_\(rom_family_ssid_86e9\)_firmwarez2_tower_g5zbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcz2_small_form_factor_g4_firmwaremt20_thin_client_firmwareprodesk_600_g4_small_form_factor_pc_firmwareprodesk_400_g7_microtower_pc_firmwareprobook_x360_11_g5_education_editionz1_all-in-one_g3_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwaredesktop_pro_g2z840_workstation250_g6elitebook_x360_1040_g5_firmwareprodesk_680_g6_pci_microtower_pc_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pcelitebook_x360_1040_g6_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)_firmwareelite_slice_g2_with_intel_uniteproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware250_g5_firmwarezhan_66_pro_14_g4_firmwarezhan_66_pro_g1eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware348_g4probook_430_g3_firmwareelitedesk_800_65w_g2_desktop_mini_pc_firmwarezbook_fury_15_g7_firmwareprobook_440_g4288_pro_g3_microtower250_g4_firmwareprodesk_600_g3_small_form_factor_pc_firmwareelitebook_840_g6zbook_15_g5z238_microtower_firmwarezbook_studio_g4mt21_thin_clientprodesk_680_g3_microtower_pcelitebook_828_g3prodesk_680_g4_microtower_pc_firmwareelitedesk_800_35w_g4_desktop_mini_pczbook_15u_g3470_g7elitedesk_800_g5_desktop_mini_pcprodesk_680_g2_microtower_pc_firmwareelitebook_x360_1040_g7z238_microtowerprodesk_400_g4_desktop_mini_pcprodesk_600_g6_small_form_factor_pcstream_11_pro_g4_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareprobook_470_g4elitebook_848_g3zhan_66_pro_g3_24_all-in-one_pc_firmware250_g6_firmwareprodesk_600_g6_microtower_pceliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmwareelite_x2_1012_g2elitebook_840_g6_firmwarez2_tower_g4probook_440_g4_firmware280_g4_small_form_factor_\(rom_family_ssid_86e9\)_firmwareprodesk_400_g5_desktop_mini_pcsprout_pro_by_g2240_g7elitebook_848_g3_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g4_microtower_pc_firmwareprodesk_600_g3_microtower_pc_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pcelitebook_x360_830_g6_firmwarezbook_create_g7proone_440_g4_23.8-inch_non-touch_all-in-one_business_pcproone_600_g6_22_all-in-one_pceliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcelitebook_840_g5_healthcare_editionelitedesk_800_g6_small_form_factor_pc_firmwareprodesk_400_g2_desktop_mini_pcelitedesk_800_g4_workstation_edition_firmwareelitedesk_800_g3_tower_pc_firmwarezhan_66_pro_g1_microtower_pc_firmwareprobook_470_g3zbook_14u_g6_firmwareprobook_x360_11_g3_education_editionprobook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3probook_x360_11_g2_education_edition_firmwareelitedesk_800_65w_g2_desktop_mini_pcprodesk_400_g5_small_form_factor_pc282_pro_g4_microtower_\(rom_family_ssid_843c\)proone_440_g3_\(rom_family_ssid_81b7\)_firmwareprodesk_600_g2_desktop_mini_pceliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmwareprobook_450_g7406_microtower_pcprodesk_600_g2_microtower_pc_firmwareelitebook_850_g3_firmwareprodesk_600_g6_pci_microtower_pcelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pcz2_mini_g4prodesk_680_g4_microtower_pc_\(with_pci_slot\)_firmwareprobook_650_g8_firmwareprobook_446_g3_firmwarezbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareelitedesk_800_g6_desktop_mini_pcdesktop_pro_microtower_pczhan_66_pro_15_g2280_g3_microtower_pc_firmwareelitedesk_800_g4_workstation_edition290_g1_small_form_factor_\(rom_family_ssid_843f\)proone_440_g5_23.8-in_all-in-one_business_pcelitebook_850_g4zhan_66_pro_g3_24_all-in-one_pc348_g3_firmwareelite_dragonfly_max205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwareelitedesk_800_g6_tower_pc_firmwareprodesk_600_g6_microtower_pc_firmware246_g7zbook_15_g6elitedesk_880_g6_tower_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elitebook_1040_g3_firmware280_g3_pci_microtower_pcelite_x2_1012_g2_firmwarezbook_15v_g5_mobile_workstation_firmwarerp9_g1_retail_systemprobook_650_g4elitebook_848_g4eliteone_800_g2_23-inch_non-touch_all-in-one_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_800_35w_g2_desktop_mini_pcprodesk_600_g5_small_form_factor_pc_firmware256_g7_firmware288_pro_g3_microtower_firmwareelitebook_1030_g1200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwarez1_entry_tower_g6_firmwareelitebook_840_g6_healthcare_edition_firmwarezbook_15u_g4_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmware340_g4_firmwareprobook_640_g7280_g5_microtower_\(rom_family_ssid_877e\)_firmwareprobook_450_g5_firmwaremt22_thin_clientz1_entry_tower_g6zbook_fury_17_g7340_g7_firmwarezbook_15u_g5258_g7elitedesk_800_65w_g3_desktop_mini_pcelitedesk_880_g2_tower_pceliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareengage_one_all-in-one_system_firmwareelite_x2_g4_firmwarezbook_15u_g3_firmwarezhan_66_pro_14_g3_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pcproone_400_g6_24_all-in-one_pc_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmware290_g4_microtower_\(rom_family_ssid_8948\)elitebook_830_g5prodesk_480_g5_microtower_pc_firmwaredesktop_pro_g2_firmwareelite_slice_for_meeting_roomsz240_tower280_g4_small_form_factor_\(rom_family_ssid_86e9\)mt20_thin_clientelitebook_folio_g1desktop_pro_300_g3zbook_17_g4proone_400_g2_20-inch_non-touch_all-in-one_pc_firmwaremp9_g4_retail_systemelitebook_840_g5_firmwarez2_small_form_factor_g5_firmwarezbook_14u_g6prodesk_400_g4_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwarezhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)_firmware250_g7_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmwareelitebook_1040_g4282_pro_g3_microtower_pcelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pc348_g3prodesk_400_g4_small_form_factor_pc_firmwareprobook_470_g4_firmwarerp9_g1_retail_system_firmwareprodesk_680_g6_pci_microtower_pc280_g4_microtower_\(rom_family_ssid_843c\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc_firmware348_g5_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)zhan_66_pro_15_g3_firmwareproone_600_g6_22_all-in-one_pc_firmware282_pro_g3_microtower_pc_firmwareelitebook_x360_830_g7elitebook_x360_1030_g3_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareelitebook_846_g5_firmwareprodesk_600_g3_microtower_pcelite_dragonfly_g2_firmware260_g4_desktop_mini_pcproone_400_g5_23.8-inch_all-in-one_business_pc246_g5256_g6_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)probook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)elitedesk_880_g3_tower_pczbook_fury_15_g7prodesk_680_g3_microtower_pc_firmwareprobook_650_g3200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)probook_640_g5_firmwareprobook_650_g2elitebook_x360_1040_g8prodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarez_vr_backpack_g1348_g7200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmwareelitebook_828_g4348_g7_firmwareprobook_650_g2_firmwarezbook_15_g3proone_600_g5_21.5-in_all-in-one_business_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)eliteone_1000_g2_34-in_curved_all-in-one_business_pcprobook_450_g7_firmwareprobook_650_g4_firmware240_g6_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)probook_640_g7_firmwarez2_mini_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_880_g6_tower_pcelitebook_x360_1030_g8zbook_create_g7_firmwareeliteone_800_g6_27_all-in-one_pcprodesk_600_g6_desktop_mini_pczbook_17_g6_firmwareelitedesk_800_g2_small_form_factor_pc_firmwarez_vr_backpack_g1_firmwareelitebook_840_g7zhan_66_pro_g1_microtower_pcz6_g4_workstationzbook_studio_g7elitebook_x360_1030_g2_firmware218_pro_g5_microtower_pc_firmware340_g4282_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarezhan_66_pro_14_g2elite_slice_g2_-_audio_ready_with_zoom_roomsz4_g4_workstation_\(xeon_w\)_firmwarepro_x2_612_g2z1_all-in-one_g3240_g5prodesk_400_g5_microtower_pcelitebook_850_g3prodesk_400_g5_microtower_pc_firmwareeliteone_800_g5_23.8-inch_all-in-one_firmwareelitedesk_880_g4_tower_pcelitedesk_800_g4_small_form_factor_pc_firmwareprobook_640_g3_firmwarez2_mini_g3_firmwaret430_thin_client_firmwareprobook_430_g4_firmwareprodesk_400_g6_desktop_mini_pc_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemprobook_650_g3_firmwareprobook_470_g5258_g6elitedesk_880_g5_tower_pc_firmware240_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareelitebook_x360_1030_g2elitebook_830_g7elite_dragonfly_max_firmwarespectre_pro_x360_g2_firmwareprodesk_400_g4_microtower_pc_firmwarezbook_x2_g4_firmwareelite_slice_for_meeting_rooms_firmwareproone_490_g3_\(rom_family_ssid_82dc\)340_g7z6_g4_workstation_firmwareprodesk_600_g4_desktop_mini_pc280_g4_small_form_factor_\(rom_family_ssid_8768\)290_g3_\(rom_family_ssid_86e9\)prodesk_600_g5_desktop_mini_pc_firmwareprobook_650_g5prodesk_600_g5_microtower_pcelitebook_x360_1020_g2_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pcz8_g4_workstation_firmwareeliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmwareprobook_440_g7eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc260_g2_desktop_mini340_g5proone_600_g2_21.5-inch_touch_all-in-one_pc_firmwareprobook_640_g8elitebook_830_g5_firmwareprodesk_680_g4_microtower_pc282_pro_g6_microtower_\(rom_family_ssid_8948\)346_g3mp9_g4_retail_system_firmwareprobook_650_g8elitebook_836_g6_firmware280_g3_pci_microtower_pc_firmwareelitedesk_800_g5_small_form_factor_pc_firmwareproone_400_g5_23.8-inch_all-in-one_business_pc_firmwareprobook_640_g2elitebook_850_g6_firmwaremp9_g2_retail_systemprobook_440_g3_firmware346_g4_firmwareelitebook_846_g5zbook_firefly_15_g7_firmwareprobook_440_g6282_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareproone_490_g3_\(rom_family_ssid_81b7\)_firmwaredesktop_pro_300_g3_firmware340_g3_firmwareelitedesk_800_g3_tower_pczbook_studio_x360_g5elitebook_x360_830_g7_firmwareproone_400_g6_20_all-in-one_pc205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmwarezhan_66_pro_g1_r_microtower_pcelitebook_840_g4_firmware250_g4probook_450_g8zbook_17_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pczbook_firefly_14_g7probook_640_g5zbook_17_g5_firmwareelitebook_850_g5246_g7_firmwareprodesk_600_g6_pci_microtower_pc_firmware200_g3_all-in-one_\(rom_family_ssid_84de\)_firmwareelitebook_840_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmwarezbook_15u_g5_firmwareprobook_650_g7_firmwarezhan_66_pro_14_g4eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareeliteone_800_g6_27_all-in-one_pc_firmwareelitebook_850_g7zbook_15_g6_firmwareprodesk_400_g7_small_form_factor_pc_firmwareelitebook_840_g5_healthcare_edition_firmwareprobook_x360_11_g3_education_edition_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmwarezbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmware260_g2_desktop_mini_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcelite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmwareproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)elitebook_x360_1040_g5elitebook_x360_1040_g8_firmwareelitebook_x360_830_g5_firmwareproone_400_g6_24_all-in-one_pcz640_workstation280_g3_microtower_pcproone_480_g3_20-inch_non-touch_all-in_one_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelite_dragonfly_firmwareelitebook_840_g4stream_11_pro_g5_firmwarez4_g4_workstation_\(core-x\)zhan_66_pro_14_g2_firmwareelitebook_820_g3_firmwarezbook_15_g5_firmware290_g2_microtower_\(rom_family_ssid_843c\)_firmwareeliteone_800_g5_23.8-inch_all-in-oneprobook_450_g5elite_slice_g2_with_intel_unite_firmwaret638_thin_client_firmwarez840_workstation_firmwareelitebook_840r_g4_firmwareprodesk_600_g3_small_form_factor_pcprobook_x360_11_g6_education_editioneliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pct638_thin_client280_pro_g4_microtower_\(rom_family_ssid_843c\)256_g7elitedesk_880_g4_tower_pc_firmwareprodesk_600_g2_small_form_factor_pc_firmwareelitedesk_800_g5_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware246_g6elitebook_x360_1030_g7290_g1_microtower_pczhan_x_13_g2_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware246_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_all-in-one_pcz8_g4_workstationelite_x2_1013_g3200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)desktop_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_65w_g4_desktop_mini_pcelitebook_850_g4_firmwareprobook_430_g6elitedesk_800_g2_small_form_factor_pcprodesk_400_g6_microtower_pc_firmwareelite_slice_g2_with_microsoft_teams_rooms_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_g6_small_form_factor_pcprobook_470_g3_firmwareprobook_450_g4_firmwareelitebook_850_g6470_g7_firmware290_g4_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_35w_g3_desktop_mini_pcprodesk_480_g6_microtower_pc280_g5_microtower_\(rom_family_ssid_877e\)probook_640_g2_firmwarezbook_fury_17_g7_firmwareelitebook_820_g4_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5290_g1_microtower_pc_firmware290_g2_small_form_factor_\(rom_family_ssid_8768\)probook_x360_11_g2_education_editionproone_440_g6_24_all-in-one_pc_firmwareproone_440_g3_\(rom_family_ssid_82dc\)_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pcelitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareprodesk_400_g2_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareproone_600_g2_21.5-inch_touch_all-in-one_pcprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarez4_g4_workstation_\(xeon_w\)z440_workstationz1_entry_tower_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)prodesk_600_g2_desktop_mini_pc_firmwareelitebook_850_g5_firmwareprobook_440_g7_firmwaresprout_pro_by_g2_firmwareelitebook_1040_g4_firmware250_g7zbook_14u_g5_firmware258_g7_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_g5_tower_pc_firmware288_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwareelite_x2_1012_g1_tablet_firmwareelitebook_x360_830_g6probook_450_g3_firmwareprobook_440_g5_firmwarezbook_17_g3_firmwareelitebook_830_g6elitebook_820_g3zcentral_4r_firmware340s_g7probook_650_g5_firmwareprobook_450_g6z2_small_form_factor_g4zbook_power_g7prodesk_400_g6_desktop_mini_pcprobook_440_g6_firmwareelitebook_828_g3_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pcelitebook_850_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc_firmwarez2_mini_g5elitebook_x360_1030_g8_firmwareprobook_11_g2_education_editionzbook_x2_g4zbook_firefly_14_g7_firmwareprodesk_480_g7_pci_microtower_pc_firmwareprodesk_600_g6_desktop_mini_pc_firmware280_g4_microtower_\(rom_family_ssid_843c\)proone_400_g6_20_all-in-one_pc_firmwareprodesk_400_g7_small_form_factor_pcspectre_pro_13_g1elitebook_830_g7_firmwareprobook_470_g5_firmwareelitebook_840_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc200_g3_all-in-one_\(rom_family_ssid_84de\)256_g6260_g3_desktop_mini_pc_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware280_g4_small_form_factor_\(rom_family_ssid_8768\)_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelite_slice_g2_-_audio_ready_with_zoom_rooms_firmwarez440_workstation_firmware290_g2_microtower_\(rom_family_ssid_843c\)elitedesk_800_g5_small_form_factor_pcproone_440_g6_24_all-in-one_pcprodesk_600_g2_small_form_factor_pczhan_86_pro_g1_microtower_pc_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pcprobook_440_g8_firmwareelitebook_840_g6_healthcare_editioneliteone_800_g6_24_all-in-one_pc_firmwarezbook_17_g4_firmwareprodesk_400_g7_microtower_pct430_thin_clientdesktop_pro_g3_microtower_firmware246_g4_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwareprobook_11_g2_education_edition_firmwareelite_slice_g2_with_zoom_roomsproone_440_g3_\(rom_family_ssid_82dc\)elitebook_x360_1020_g2elitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwareprobook_430_g8_firmwareprodesk_680_g2_microtower_pcdesktop_pro_microtower_pc_firmwarezbook_15u_g4proone_400_g2_20-inch_non-touch_all-in-one_pc348_g4_firmwaredesktop_pro_g3_microtowerelite_x2_1012_g1_firmwareproone_490_g3_\(rom_family_ssid_82dc\)_firmwareprobook_x360_11_g4_education_editionprobook_430_g5HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34456
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.69%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34461
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.14%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34412
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.72%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 13:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.

Action-Not Available
Vendor-n/aZoom Communications, Inc.
Product-meetingsZoom Client for Meetings for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34477
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.95%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-.net_education_bundle_sdk_install_tool.net_install_tool_for_extension_authors.NET Education Bundle SDK Install Tool.NET Install Tool for Extension Authors
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34411
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.43%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 13:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.

Action-Not Available
Vendor-n/aZoom Communications, Inc.
Product-roomsZoom Rooms for Conference Room for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-35052
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.52%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:30
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.

Action-Not Available
Vendor-n/aKaspersky Lab
Product-password_managerKaspersky Password Manager for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-38014
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-9.57% / 92.55%
||
7 Day CHG-0.95%
Published-10 Sep, 2024 | 16:53
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-01||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_11_21h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 10 Version 1809Windows 10 Version 22H2Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 21H2Windows 11 Version 24H2Windows Server 2019Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 version 22H2Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2022Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3423
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 11:00
Updated-17 Sep, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in Bitdefender GravityZone Business Security

Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329.

Action-Not Available
Vendor-Bitdefender
Product-gravityzone_business_securityGravityZone Business Security
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-34483
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.78%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:11
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34471
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:11
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Defender Elevation of Privilege Vulnerability

Microsoft Windows Defender Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-malware_protection_engineMicrosoft Malware Protection Engine
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34537
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.00%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Driver Elevation of Privilege Vulnerability

Windows Bluetooth Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-32592
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 11:27
Updated-25 Oct, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientforticlient_enterprise_management_serverFortinet FortiClientWindows, FortiClientEMS
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-33101
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-4448
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 14:40
Updated-17 Sep, 2024 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2_high_performance_unload_loadlinux_kernelDB2 High Performance Unload load for LUW
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-45320
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Aug, 2025 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-vtune_profilerIntel(R) VTune(TM) Profiler softwarevtune_profiler
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37130
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 01:34
Updated-09 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administratoropenmanage_server_administrator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-36500
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 07:19
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-33505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 10:26
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.

Action-Not Available
Vendor-falcon/a
Product-falcon/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-33751
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.79% / 73.00%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:53
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-33064
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.34%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-29 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_studioIntel(R) System Studio
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-4956
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.65%
||
7 Day CHG~0.00%
Published-30 Sep, 2023 | 17:00
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Caphyon Advanced Installer WinSxS DLL uncontrolled search path

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.

Action-Not Available
Vendor-caphyonCaphyoncaphyon
Product-advanced_installerAdvanced Installeradvanced_installer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-36586
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.17%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary.

Action-Not Available
Vendor-n/aAdGuard (Adguard Software Ltd.)
Product-n/aadguardhome
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31359
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:16
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability

A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-31833
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.01%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 09:45
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.

Action-Not Available
Vendor-McAfee, LLC
Product-application_and_change_controlMcAfee Application and Change Control (MACC)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31853
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.51%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 09:00
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MDE DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

Action-Not Available
Vendor-McAfee, LLC
Product-drive_encryptionMcAfee Drive Encryption (MDE)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3101
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.23%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 22:15
Updated-17 Sep, 2024 | 02:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hotdog Container Escape

Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container.

Action-Not Available
Vendor-hotdog_projectAmazon Web Services
Product-hotdogHotdog
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31954
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.50% / 80.39%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found