Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21402

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-13 Feb, 2024 | 18:02
Updated At-09 May, 2025 | 18:24
Rejected At-
Credits

Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:13 Feb, 2024 | 18:02
Updated At:09 May, 2025 | 18:24
Rejected At:
ā–¼CVE Numbering Authority (CNA)
Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft 365 Apps for Enterprise
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285: Improper Authorization
Type: CWE
CWE ID: CWE-285
Description: CWE-285: Improper Authorization
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402
Resource:
vendor-advisory
ā–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:13 Feb, 2024 | 18:15
Updated At:29 May, 2024 | 00:15

Microsoft Outlook Elevation of Privilege Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Microsoft Corporation
microsoft
>>365_apps>>Versions up to 2401.17231.20236(inclusive)
cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-285Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-285
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

75Records found
CVE-2025-30390
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 65.16%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure ML Compute Elevation of Privilege Vulnerability

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-285
Improper Authorization
CVE-2025-29794
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.18% / 78.42%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-285
Improper Authorization
CVE-2025-29827
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.93% / 75.78%
||
7 Day CHG+0.07%
Published-08 May, 2025 | 22:17
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Automation Elevation of Privilege Vulnerability

Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_automationAzure Automation
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-32022
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-0.78% / 73.44%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Service Security Feature Bypass Vulnerability

Windows Server Service Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-285
Improper Authorization
CVE-2023-29338
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.68% / 71.22%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:03
Updated-10 Jul, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Spoofing Vulnerability

Visual Studio Code Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-285
Improper Authorization
CVE-2023-28378
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.86%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-02 Aug, 2024 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsquickassist_technology_libraryquickassist_technology_firmwarequickassist_technologyIntel(R) QAT drivers for Windows - HW Version 2.0
CWE ID-CWE-285
Improper Authorization
CVE-2025-21275
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.29%
||
7 Day CHG-0.20%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows App Package Installer Elevation of Privilege Vulnerability

Windows App Package Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_23h2windows_server_2022windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2
CWE ID-CWE-285
Improper Authorization
CVE-2025-21348
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.71% / 71.93%
||
7 Day CHG-4.53%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-285
Improper Authorization
CVE-2025-21400
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-0.80% / 73.81%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-285
Improper Authorization
CVE-2023-21549
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-7.14% / 91.38%
||
7 Day CHG+0.94%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Witness Service Elevation of Privilege Vulnerability

Windows SMB Witness Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-30061
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-5.03% / 89.54%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-09 Dec, 2025 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.1
CWE ID-CWE-285
Improper Authorization
CVE-2024-26193
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.61% / 69.29%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Migrate Remote Code Execution Vulnerability

Azure Migrate Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_migrateAzure Migrate
CWE ID-CWE-285
Improper Authorization
CVE-2022-45450
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.18%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 09:27
Updated-22 Jan, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-cyber_protectlinux_kernelwindowsmacosagentAcronis Cyber Protect 15Acronis Agent
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-5808
Matching Score-6
Assigner-Hitachi Vantara
ShareView Details
Matching Score-6
Assigner-Hitachi Vantara
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 23:53
Updated-28 Aug, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

Action-Not Available
Vendor-Hitachi Vantara LLCHitachi, Ltd.Microsoft Corporation
Product-windowsvantara_hitachi_network_attached_storageSystem Management Unit (SMU)system_management_unit
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2025-30392
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 67.80%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-13 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure AI Bot Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_ai_bot_serviceAzure AI Bot Service
CWE ID-CWE-285
Improper Authorization
CVE-2022-3229
Matching Score-6
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-6
Assigner-Rapid7, Inc.
CVSS Score-9.8||CRITICAL
EPSS-72.19% / 98.72%
||
7 Day CHG-15.37%
Published-06 Feb, 2023 | 22:52
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

Action-Not Available
Vendor-unifiedremoteUnified Intents ABMicrosoft Corporation
Product-unified_remotewindowsUnified Remote
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-30670
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-0.84% / 74.39%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 16:56
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Escalate Privileges to Server Admin - Robohelp Server

RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-robohelp_serverwindowsRoboHelp
CWE ID-CWE-285
Improper Authorization
CVE-2025-30389
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.16% / 37.27%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Bot Framework SDK Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_ai_bot_serviceAzure AI Bot Service
CWE ID-CWE-285
Improper Authorization
CVE-2023-40683
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 6.36%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 00:54
Updated-30 May, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages with Watson privilege escalation

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-openpages_with_watsonwindowslinux_kernelOpenPages with Watson
CWE ID-CWE-285
Improper Authorization
CVE-2023-28385
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.37%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsnext_unit_of_computing_firmwareIntel(R) NUC Pro Software Suite for Windowsnuc_pro_software_suite
CWE ID-CWE-285
Improper Authorization
CVE-2021-25499
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:11
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-285
Improper Authorization
CVE-2021-25353
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.20%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:12
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_themesGalaxy Themes
CWE ID-CWE-285
Improper Authorization
CVE-2021-25399
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_managerSmart Manager
CWE ID-CWE-285
Improper Authorization
CVE-2023-28556
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.73%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authorization in HLOS

Cryptographic issue in HLOS during key management.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareqcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100pqcs8155_firmwaresxr1120qca6595snapdragon_xr1_platformqcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_x50_5g_modem-rf_systemqca4004qca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024qcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700snapdragon_768g_5g_mobile_platform_firmwaresa4150pwsa8832_firmwareqca8337qdu1110qca6426_firmwarewcd9395snapdragon_460_mobile_platformsnapdragon_auto_4g_modem9205_lte_modemqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqcn7606_firmwareqca6564_firmwareqam8295pwcd9341qca6574auwcd9390wsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640snapdragon_8cx_gen_2_5g_compute_platformsa9000p_firmwaresrv1hsd730snapdragon_730g_mobile_platform_firmwarefastconnect_6800_firmwareqcn6024_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcm6125_firmwarec-v2x_9150ssg2115pqcc710snapdragon_8cx_compute_platform_firmwaresa8540psnapdragon_480\+_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmware315_5g_iot_modem_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformqru1032_firmwarefsm10056_firmwareqfw7114wcd9385_firmwareqca6421315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqam8255p_firmwaresa8155_firmwarewcd9360snapdragon_888_5g_mobile_platform_firmwaresnapdragon_wear_1300_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformsnapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6421_firmwareqcm6125qca6564au_firmwaresnapdragon_768g_5g_mobile_platformwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000pqdu1000_firmwareqsm8250snapdragon_8\+_gen_2_mobile_platformsrv1h_firmwareqca6595ausm7315_firmwareqdu1010wcd9326_firmwaresa6155p_firmwarewsa8840qcs8550_firmwareqdu1210_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwareqcn9012snapdragon_8\+_gen_1_mobile_platformwcd9371_firmwaresnapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformqcs4490_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqts110wcn3910_firmwaresm4125_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca6420snapdragon_7c_gen_2_compute_platform_firmwarewcn3910mdm9205s_firmwarewcd9370_firmwarecsrb31024snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqdu1110_firmwareqdu1000qca6574aqca6174asa8195pwcd9340qcs8250_firmwareqcm2290qdu1210qcm6490sa8540p_firmwaresm8550p_firmwareqcm8550wcn3988qcn9024snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsxr2230p_firmwaresd675_firmwaresnapdragon_8cx_compute_platformqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011qamsrv1hqcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwareqca6564asa8155pwsa8830snapdragon_675_mobile_platformsnapdragon_wear_1300_platformsnapdragon_662_mobile_platformsm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn9074_firmwaresnapdragon_765_5g_mobile_platformsc8180x\+sdx55_firmwaresa8255p_firmwareflight_rb5_5g_platform_firmwaresnapdragon_665_mobile_platformar8035qca6564sa6155qrb5165m_firmwaresa8650p_firmwaresnapdragon_678_mobile_platform_firmwareqcm4325robotics_rb5_platformqcn6224sc8180x\+sdx55qca6698aqwcn3950_firmwaresnapdragon_7c_gen_2_compute_platformsm6250qrb5165nmdm9205sssg2125p_firmwaresnapdragon_8_gen_1_mobile_platformsnapdragon_8c_compute_platform_firmwarefastconnect_6200snapdragon_710_mobile_platformsd670sm7325p_firmwaresa8145p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwareqcs8155snapdragon_888\+_5g_mobile_platformqdx1011smart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwaresnapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250snapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqcn6224_firmwareqca6431wsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwaresxr2130_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwareqrb5165msnapdragon_888_5g_mobile_platformsc8380xpsnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_662_mobile_platform_firmwarewcd9306qca6564auqcs6125_firmwaresm6250p_firmwareqcn9074wsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcm4290snapdragon_680_4g_mobile_platformar8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_8c_compute_platformsm7250p_firmwarewcn3999sm4125qcm4490_firmwaresnapdragon_855_mobile_platformqru1032wcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformqcs6125snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformqca4004_firmwaresnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwaresnapdragon_720g_mobile_platformsm7250pcsrb31024_firmwaresa8155sm6250_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqcn6274_firmwaresd888qcn9011_firmwareqru1062_firmwarefsm10056sd460_firmwaresnapdragon_4_gen_2_mobile_platformsw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740sc8380xp_firmwareqru1062fastconnect_6800qfw7114_firmwareqcs7230snapdragon_685_4g_mobile_platform_firmwareqca6595_firmwarefastconnect_7800_firmwarewcd9371snapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresnapdragon_732g_mobile_platform_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemsnapdragon_auto_5g_modem-rf_firmwaresxr1230psnapdragon_865\+_5g_mobile_platformsd662_firmwaresw5100video_collaboration_vc3_platformaqt1000wcd9306_firmwaresnapdragon_865_5g_mobile_platform_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855qca6431_firmwarewcn3990_firmware9205_lte_modem_firmwaresm7315qca6698aq_firmwareqcs2290qca6564a_firmwareqcn7606wcd9385qcs2290_firmwareqsm8350wcn3999_firmwaresd662snapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwareqcs4290wcd9390_firmwaresxr1230p_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformqca6430sg8275psm6250psdx55_firmwareqdx1011_firmwaresnapdragon_auto_5g_modem-rfssg2125pqru1052sxr2130qcm4490csra6640_firmwaresnapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemsd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwareqcn6274snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwaresnapdragon_480_5g_mobile_platform_firmwareqfw7124qdu1010_firmwareqca6595au_firmwaresw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_732g_mobile_platformsnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwarecsra6620qca8081wsa8815sg4150psd_8_gen1_5gqam8775pqca9377qca6797aqqcm4325_firmwareqca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_480\+_5g_mobile_platformsd675sd_8_gen1_5g_firmwarewcd9375_firmwareqca6391qts110_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn9012_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformqru1052_firmwaresnapdragon_670_mobile_platformcsra6620_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwareqcs8550robotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwarewcd9375wcn3988_firmwareqamsrv1h_firmwaresa8145psd_675snapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqdx1010qcs610Snapdragon
CWE ID-CWE-285
Improper Authorization
CVE-2023-25517
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.65%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 23:27
Updated-04 Dec, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinegpu_display_driverhypervisorvspherevGPU software
CWE ID-CWE-285
Improper Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found