Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-28115

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-07 Mar, 2024 | 20:54
Updated At-28 Aug, 2024 | 17:42
Rejected At-
Credits

Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:07 Mar, 2024 | 20:54
Updated At:28 Aug, 2024 | 17:42
Rejected At:
▼CVE Numbering Authority (CNA)
Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

Affected Products
Vendor
FreeRTOS
Product
FreeRTOS-Kernel
Versions
Affected
  • < 10.6.2
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r
x_refsource_CONFIRM
https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
x_refsource_MISC
Hyperlink: https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r
x_refsource_CONFIRM
x_transferred
https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
freertos
Product
freertos-kernel
CPEs
  • cpe:2.3:o:freertos:freertos-kernel:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 10.6.2 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:07 Mar, 2024 | 21:15
Updated At:01 Oct, 2024 | 15:31

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
amazon
amazon
>>freertos>>Versions before 10.6.2(exclusive)
cpe:2.3:o:amazon:freertos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-284Secondarysecurity-advisories@github.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2security-advisories@github.com
Release Notes
https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6rsecurity-advisories@github.com
Technical Description
Vendor Advisory
Hyperlink: https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r
Source: security-advisories@github.com
Resource:
Technical Description
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

266Records found
CVE-2024-36488
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 24.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-driver_\&_support_assistantIntel(R) DSAdsa_software
CWE ID-CWE-284
Improper Access Control
CVE-2024-37355
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.40%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:18
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics software
CWE ID-CWE-284
Improper Access Control
CVE-2026-27914
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.32%
||
7 Day CHG+0.01%
Published-14 Apr, 2026 | 16:58
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Management Console Elevation of Privilege Vulnerability

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_10_1607windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_server_2016windows_11_23h2windows_server_2012Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-284
Improper Access Control
CVE-2024-34543
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.05%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 16:38
Updated-23 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_consoleIntel(R) RAID Web Console softwareraid_web_console
CWE ID-CWE-284
Improper Access Control
CVE-2024-33673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 00:00
Updated-30 Jun, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-backup_execn/abackup_exec
CWE ID-CWE-284
Improper Access Control
CVE-2022-37393
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-5.12% / 89.94%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 20:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zimbra zmslapd arbitrary module load

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Action-Not Available
Vendor-ZimbraSynacor, Inc.
Product-collaborationZimbra Server
CWE ID-CWE-284
Improper Access Control
CVE-2017-20066
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.97%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 20:10
Updated-15 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adminer Login access control

A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-adminer_login_projectunspecified
Product-adminer_loginAdminer Login
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-33027
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.17% / 37.58%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-20 Nov, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwaresa8145p_firmwareqcs610315_5g_iot_modem_firmwaresnapdragon_x24_lte_modem_firmwareqca8337csra6620snapdragon_212_mobile_platformsnapdragon_860_mobile_platform_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresa6155video_collaboration_vc3_platformqca6335sd730_firmwarewcd9370csra6620_firmwarecsra6640_firmwareqca6564qcs6125_firmwarewcn3990_firmwareqca9377wcn3950wcd9326_firmwarefastconnect_6200wcn3660bsnapdragon_660_mobile_platform_firmwaresa8155snapdragon_429_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresdx55_firmwarewcn3680b_firmwaresnapdragon_212_mobile_platform_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3610_firmwareqca6420snapdragon_429_mobile_platformqca6564au_firmwaresa6155p_firmwareqca6310snapdragon_855\+_firmwaresmart_audio_400_platform_firmwareqcs6125sa8155_firmwarerobotics_rb3_platform_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwareqca6430315_5g_iot_modemqcn9074robotics_rb3_platformsa6145p_firmwaresm6250c-v2x_9150snapdragon_678_mobile_platform_firmwaresnapdragon_720g_mobile_platformsa8195psnapdragon_855\+sxr1120wcd9340wsa8810_firmwarevision_intelligence_400_platformwcd9326wcd9335sa6155pqca6174a_firmwarewcd9341qca6696_firmwarewcd9375snapdragon_855_mobile_platform_firmwareaqt1000sa8150psnapdragon_210_processor_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresd855_firmwaresd660wcn3620_firmwarewcn3988wsa8815_firmwaresd660_firmwarewcn3620sa8195p_firmwaresxr1120_firmwaresnapdragon_730_mobile_platform_firmwarewcn3610qcm6125_firmwaresnapdragon_675_mobile_platform_firmwaresnapdragon_845_mobile_platformqca8337_firmwarewcd9380_firmwarewcn3990sdm429wqca6595qca6564ausnapdragon_670_mobile_platform_firmwaresd670_firmwareqca6574sdm429w_firmwarewcd9380snapdragon_678_mobile_platformqcs410snapdragon_210_processorqca6574asmart_audio_400_platformqca6174avideo_collaboration_vc3_platform_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980snapdragon_732g_mobile_platform_firmwareqca6335_firmwareqca6574_firmwarewcd9340_firmwaresd855wsa8815205_mobile_platform_firmwarewcn3660b_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_670_mobile_platformsnapdragon_730g_mobile_platformvision_intelligence_300_platformsnapdragon_x55_5g_modem-rf_system_firmwaresd730qca6391wcn3980_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresnapdragon_710_mobile_platformaqt1000_firmwaresnapdragon_845_mobile_platform_firmware215_mobile_platformar8031_firmwaresnapdragon_xr1_platformsnapdragon_660_mobile_platformvideo_collaboration_vc1_platform_firmwareqca6574ausa8155p_firmwaresd670wcd9341_firmwareqcm6125wsa8810snapdragon_x24_lte_modemsnapdragon_730g_mobile_platform_firmwareqcs610_firmwaresa6145psnapdragon_730_mobile_platformwcn3680bqca6564_firmwaresnapdragon_675_mobile_platformar8031qca6595_firmwaresa8145pqca6696205_mobile_platform215_mobile_platform_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_732g_mobile_platformwcd9370_firmwaresa6150psdx55snapdragon_x50_5g_modem-rf_systemsa8155pcsra6640video_collaboration_vc1_platformsnapdragon_860_mobile_platformqcn9074_firmwareqcs410_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_855_mobile_platformsnapdragon_xr1_platform_firmwareSnapdragonqca9377_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmware315_5g_iot_modem_firmwaresnapdragon_x24_lte_modem_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwaresdm429w_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_xr1_platform_firmwaresd730_firmwarecsra6620_firmwarecsra6640_firmwareqcs6125_firmwarewcn3990_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6335_firmwarewcd9326_firmwareqca6574_firmwarewcd9340_firmwaresnapdragon_660_mobile_platform_firmwarewcn3660b_firmwaresnapdragon_429_mobile_platform_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwaresnapdragon_212_mobile_platform_firmwarewcd9375_firmwaresa6155_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3610_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_845_mobile_platform_firmwaresmart_audio_400_platform_firmwarear8031_firmwaresa8155_firmwarerobotics_rb3_platform_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwarewsa8810_firmwarewcd9341_firmwareqcs610_firmwarequalcomm_215_mobile_platform_firmwareqca6174a_firmwarequalcomm_205_mobile_platform_firmwareqca6564_firmwareqca6696_firmwareqca6595_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresnapdragon_210_processor_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwaresd855_firmwarewcn3620_firmwarewsa8815_firmwaresd660_firmwaresa8195p_firmwareqcn9074_firmwaresxr1120_firmwareqcs410_firmwaresnapdragon_720g_mobile_platform_firmwareqcm6125_firmwaresnapdragon_675_mobile_platform_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-31320
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-0.68% / 71.83%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2022-38466
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.89%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 09:40
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator.

Action-Not Available
Vendor-Siemens AG
Product-coreshield_one-way_gatewayCoreShield One-Way Gateway (OWG) Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2026-26183
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.27%
||
7 Day CHG+0.01%
Published-14 Apr, 2026 | 16:57
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability

Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2025windows_server_2019windows_server_2022_23h2windows_server_2016windows_server_2012Windows Server 2016Windows Server 2019Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2026-24290
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.26%
||
7 Day CHG+0.01%
Published-10 Mar, 2026 | 17:04
Updated-14 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Projected File System Elevation of Privilege Vulnerability

Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_server_2025windows_11_26h1windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows 11 version 26H1Windows Server 2022Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 22H2Windows Server 2019Windows 11 Version 25H2Windows 10 Version 1809
CWE ID-CWE-284
Improper Access Control
CVE-2024-27264
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 13.28%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 19:21
Updated-30 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Performance Tools for i privilege escalation

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2026-21238
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.57%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-284
Improper Access Control
CVE-2024-24986
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 35.05%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_800_series_controllers_driverIntel(R) Ethernet Network Controllers and Adaptersethernet_complete_driver_pack
CWE ID-CWE-284
Improper Access Control
CVE-2026-20843
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.09%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_server_2008windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 11 Version 24H2Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 22H2Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-284
Improper Access Control
CVE-2026-21255
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.69%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Security Feature Bypass Vulnerability

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows 11 Version 23H2
CWE ID-CWE-284
Improper Access Control
CVE-2022-36789
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.65%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_10_performance_mini_pc_nuc10i7fnkpanuc_10_performance_kit_nuc10i7fnk_firmwarenuc_10_performance_mini_pc_nuc10i7fnhjanuc_10_performance_kit_nuc10i5fnhnnuc_10_performance_kit_nuc10i7fnhc_firmwarenuc_10_performance_kit_nuc10i3fnh_firmwarenuc_10_performance_kit_nuc10i5fnhjnuc_10_performance_kit_nuc10i7fnhnuc_10_performance_kit_nuc10i3fnhn_firmwarenuc_10_performance_mini_pc_nuc10i3fnhja_firmwarenuc_10_performance_kit_nuc10i3fnknnuc_10_performance_kit_nuc10i3fnk_firmwarenuc_10_performance_kit_nuc10i5fnhn_firmwarenuc_10_performance_mini_pc_nuc10i5fnhja_firmwarenuc_10_performance_mini_pc_nuc10i3fnhfanuc_10_performance_kit_nuc10i7fnhcnuc_10_performance_kit_nuc10i5fnkn_firmwarenuc_10_performance_kit_nuc10i3fnhnuc_10_performance_kit_nuc10i3fnhf_firmwarenuc_10_performance_mini_pc_nuc10i5fnhcanuc_10_performance_kit_nuc10i5fnknnuc_10_performance_kit_nuc10i7fnhn_firmwarenuc_10_performance_kit_nuc10i3fnhnnuc_10_performance_kit_nuc10i5fnhj_firmwarenuc_10_performance_kit_nuc10i3fnhfnuc_10_performance_mini_pc_nuc10i7fnhaanuc_10_performance_mini_pc_nuc10i7fnkpa_firmwarenuc_10_performance_kit_nuc10i5fnkpnuc_10_performance_kit_nuc10i7fnhnnuc_10_performance_mini_pc_nuc10i7fnhja_firmwarenuc_10_performance_kit_nuc10i5fnkp_firmwarenuc_10_performance_kit_nuc10i5fnhnuc_10_performance_mini_pc_nuc10i3fnhfa_firmwarenuc_10_performance_kit_nuc10i7fnknnuc_10_performance_kit_nuc10i5fnhfnuc_10_performance_mini_pc_nuc10i7fnhaa_firmwarenuc_10_performance_kit_nuc10i3fnkn_firmwarenuc_10_performance_kit_nuc10i7fnkn_firmwarenuc_10_performance_kit_nuc10i7fnkp_firmwarenuc_10_performance_kit_nuc10i5fnknuc_10_performance_kit_nuc10i5fnh_firmwarenuc_10_performance_kit_nuc10i7fnh_firmwarenuc_10_performance_kit_nuc10i7fnknuc_10_performance_mini_pc_nuc10i3fnhjanuc_10_performance_mini_pc_nuc10i5fnkpanuc_10_performance_kit_nuc10i7fnkpnuc_10_performance_mini_pc_nuc10i5fnhca_firmwarenuc_10_performance_kit_nuc10i5fnk_firmwarenuc_10_performance_mini_pc_nuc10i5fnhjanuc_10_performance_kit_nuc10i5fnhf_firmwarenuc_10_performance_kit_nuc10i3fnknuc_10_performance_mini_pc_nuc10i5fnkpa_firmwareIntel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs
CWE ID-CWE-284
Improper Access Control
CVE-2022-36443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.93%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.

Action-Not Available
Vendor-zebran/a
Product-enterprise_home_screenn/a
CWE ID-CWE-284
Improper Access Control
CVE-2024-21113
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-18 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2024-21103
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.80%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2024-21436
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.21%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-21418
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 69.37%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft CorporationThe Linux Foundation
Product-software_for_open_networking_in_the_cloudSoftware for Open Networking in the Cloud (SONiC)
CWE ID-CWE-284
Improper Access Control
CVE-2024-21112
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-28 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2024-21114
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.66%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-15 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-VM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2024-21115
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.20% / 41.95%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-25 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2022-36864
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_emailSamsung Email
CWE ID-CWE-284
Improper Access Control
CVE-2024-0036
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:08
Updated-16 Dec, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-284
Improper Access Control
CVE-2023-7025
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.11%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 03:00
Updated-24 Apr, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KylinSoft hedron-domain-hook DBus init_kcm access control

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kylinosKylinSoft
Product-hedron-domain-hookhedron-domain-hook
CWE ID-CWE-284
Improper Access Control
CVE-2024-0025
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.81%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:03
Updated-17 Dec, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-284
Improper Access Control
CVE-2022-34672
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 29.93%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-284
Improper Access Control
CVE-2024-21067
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.05%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-21 May, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-enterprise_manager_base_platformEnterprise Manager Base Platform
CWE ID-CWE-284
Improper Access Control
CVE-2022-42861
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.23%
||
7 Day CHG~0.00%
Published-15 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_osmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-33243
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.21%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in Qualcomm IPC

Memory corruption due to improper access control in Qualcomm IPC.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwareqcs610ipq4028_firmwareqca8337ar9380ipq8173_firmwareqca6431_firmwarewcd9360_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwareqca6335qcs605_firmwareqcs6125_firmwaresa415mwcn3998qam8295pwcn3950qcn6024_firmwareipq8076asd_8_gen1_5g_firmwarewcn3660bwcn7850qca6574au_firmwareqcn5164_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwareqca6420wcd9360qca9986ipq8070_firmwareipq8065ipq8078a_firmwareqrb5165_firmwareipq5028qca7500ipq4029_firmwareqcs6125ipq6010ipq8068qca6430wcd9340qcn6132qualcomm215_firmwaresw5100qca6436wcn6851sa6155pwcn7851_firmwareqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6431qca6696_firmwaresd870_firmwareqcn5154_firmwaresa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd855_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475qcn5022_firmwareqca9898sa8295p_firmwareipq4028wcn3610ipq5018_firmwareqca9985_firmwareipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresdm429wsw5100pmsm8996au_firmwareipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164csr8811_firmwarewcd9380qualcomm215qcs410qcn5024ipq4019_firmwaresdx24_firmwareqca9985qcn9012_firmwareqca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850qca9986_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qca9984ipq6028ipq8064sd835qcn9024wcn3980_firmwaresdx55mipq8064_firmwareqcc5100_firmwaresa8295pqca6421_firmwarewcn3680_firmwareipq8078_firmwareqrb5165wcn6851_firmwareipq8070qca9994qca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwareqca9880sd870wcn6855sw5100p_firmwaresd210_firmwareqcs610_firmwareqsm8250sa6145pipq6018qca9886_firmwaresdxr1apq8096ausa8145pqca6391_firmwareqca4024wcd9370_firmwaresdx55sa8155pqcs8155_firmwareqsm8250_firmwareqcn5024_firmwaremdm9150_firmwarewsa8830qcn9070sa8145p_firmwarecsrb31024qcn9072qca9880_firmwareqca9992qca6420_firmwareqca6390_firmwarewcd9370qcn5152_firmwareqca6426wcn3990_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018wcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwareipq8074aqcn5124_firmwareqam8295p_firmwarewcn3680b_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwareqca6595auwcn3610_firmwareqca6436_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310qcs8155wcn7851ipq8174sd429sa515m_firmwareqca9990qcn5052sdxr2_5gsa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwareqca6421sa6145p_firmwaresa8195pwsa8810_firmwarewcd9326wcd9335qca8081qcn6023ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qca6390qca9898_firmwarewcd9375aqt1000csr8811ipq4019qcn9100_firmwaresd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620qca6564aqcm6125_firmwarewcn3990qcn9000sd865_5gar9380_firmwareqcc5100sdx24qcn9012qcn6122_firmwareipq8065_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gqcn5154qca8075_firmwareipq4018qca6574awcn6855_firmwareqca9889qca6174aqcn6132_firmwareqca9888qca6310_firmwareqca9994_firmwareipq8070a_firmwareipq8076_firmwaresa515mqca9886sd855sd665ipq8076qca6574a_firmwareqcn5152qca6391sdxr1_firmwareaqt1000_firmwareqcn9100csrb31024_firmwareqcn9070_firmwareipq6028_firmwareipq8072a_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122sd205_firmwarewcd9341_firmwareqcm6125wsa8810mdm9150wcn6856qcn5022wcn3680bsd835_firmwareipq6010_firmwareqca6696sd845_firmwaresa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9072_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareipq4029Snapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2022-32578
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.52%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_pro_software_suiteIntel(R) NUC Pro Software Suite
CWE ID-CWE-284
Improper Access Control
CVE-2022-42717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

Action-Not Available
Vendor-n/aHashiCorp, Inc.Linux Kernel Organization, Inc
Product-vagrantlinux_kerneln/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-41784
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.37%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access

Action-Not Available
Vendor-n/aIntel Corporation
Product-one_boot_flash_updateIntel(R) OFU software
CWE ID-CWE-284
Improper Access Control
CVE-2022-29871
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.66%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_platinum_8153xeon_platinum_8276latom_x6212receleron_j1750core_i7-8705gxeon_platinum_9222core_i7-8665uz270xeon_w-3245mxeon_gold_6230tcore_i3-8300tpentium_j2850xeon_gold_6146core_i7-8706gcore_i7-1068ng7xeon_gold_6126txeon_w-3225core_i5-1035g7core_i7-10850hxeon_gold_5115xeon_platinum_8170xeon_gold_6136hm570core_i5-8400hceleron_j1850core_i7-8700celeron_n6210core_i5-10400fcore_i5-8400wm490xeon_gold_6138core_i3-10300core_i7-10700txeon_gold_6246core_i7-8086kceleron_4305ucore_i5-10210uceleron_n2815xeon_platinum_8164core_i5-8257ucore_i7-8700kcore_i5-10200hxeon_gold_6234xeon_gold_6238rq150converged_security_management_engine_firmwarecore_i5-1035g4celeron_n2940core_i3-8145ucore_i5-10400hceleron_4205uceleron_n5105h670xeon_gold_5215core_i3-10100yceleron_j3455core_i5-10400tcore_i3-8109uxeon_gold_6262vxeon_platinum_8168core_i5-10310ucore_i5-10505c246core_i5-1030g7xeon_gold_5218celeron_n4500cm236hm370pentium_n6415xeon_silver_4109tcore_i3-1000g1core_i7-10510yxeon_gold_5215lxeon_silver_4215rceleron_j3160core_i3-10110uxeon_gold_6138fxeon_gold_5122celeron_n3150celeron_n4100xeon_silver_4210tceleron_n3060xeon_gold_6212ucore_i5-10400hm470core_i5-8400bxeon_silver_4114xeon_gold_6248rcore_i5-10500tecore_i3-10105fcore_i3-8100hhm670xeon_gold_6258rxeon_bronze_3104h110core_i5-l16g7core_i5-10300hceleron_n4120xeon_gold_6240xeon_gold_6240lxeon_gold_6238lxeon_gold_6250core_i5-8350ucore_i9-10980hkw580q270xeon_platinum_8156c236core_i5-8600core_i5-8500tcore_i7-10510uxeon_w-3265mceleron_n2840atom_x6214receleron_j4125core_i3-10100ecore_i3-8100core_i7-1060g7celeron_n2910core_i9-10900celeron_n2930h410h570pentium_n3510xeon_gold_6126fcore_i3-10100txeon_gold_5218tcore_i9-8950hkxeon_gold_6150core_i9-10900ecore_i9-10850kxeon_gold_5220rxeon_gold_6140qm480pentium_n3700core_i9-10900kh270core_i5-8600kxeon_platinum_8160fq470core_i9-10900fcore_i5-8400tpentium_n3520core_i7-8750hxeon_gold_6250lcore_i7-10700core_i5-8365uqm580celeron_j3060b150h510xeon_gold_6210uc252celeron_n3160core_i3-10100term590exeon_gold_6126core_i3-10105tcore_i9-10885hcore_i7-10700fcore_i3-10325pentium_n3540z690core_i7-10750hxeon_silver_4216xeon_gold_6230xeon_platinum_8253q470ecore_i3-8300core_i3-1000g4core_i7-10875hwm690xeon_silver_4116tatom_x6427feq370core_i7-8809gcore_i3-8145ueceleron_j4105xeon_gold_6142fcore_i3-l13g4core_i7-8700bcore_i7-8709gcore_i3-10100b560xeon_gold_6238celeron_j1800xeon_gold_6130celeron_j1900z590core_i3-8100tq670xeon_silver_4208celeron_n4505xeon_platinum_8260h170core_i5-10210yh310wm590core_i7-8557ub660core_i5-10500eatom_x5-e3930xeon_gold_5220sxeon_w-3275mceleron_j3355core_i7-8700tatom_x7-e3950xeon_platinum_9242core_i5-8300hxeon_platinum_9282core_i5-10600tcore_i3-10110yxeon_platinum_8280lcore_i5-10600kfxeon_silver_4110core_i7-8650uxeon_bronze_3204core_i7-10700eceleron_j3355exeon_gold_5119txeon_silver_4108xeon_gold_6130tatom_x6414rec242xeon_silver_4210xeon_gold_6246rz370celeron_n3700core_i7-10870hxeon_gold_5217w480core_i5-1035g1core_i5-1038ng7h420exeon_gold_6230nhm170xeon_w-3265xeon_gold_5218nz170xeon_bronze_3106xeon_gold_6138tcm246xeon_w-3245x299xeon_gold_5120celeron_n3350core_i5-8500bcore_i7-10700kceleron_n3050core_i5-8269uceleron_n5095pentium_silver_j5005core_i5-1030g4celeron_n3520core_i7-10700teceleron_n3000xeon_gold_5220xeon_platinum_8160tceleron_n2807core_i5-10500xeon_silver_4214ratom_x6425exeon_gold_6254pentium_j3710xeon_silver_4114tpentium_j2900xeon_gold_6240yq570xeon_gold_6154core_i7-10710uq670ecore_i7-10700kfh370xeon_gold_6208ucore_i5-8279uxeon_platinum_8268w480epentium_n3530core_i7-8565uxeon_gold_5222xeon_w-3275core_i5-8250uatom_x6425receleron_n2820core_i3-10305b365xeon_silver_4209txeon_silver_4116hm175xeon_gold_6252ncore_i5-8259uxeon_platinum_9221xeon_gold_6244xeon_platinum_8160celeron_n2805celeron_n2806atom_x6416rexeon_gold_6248core_i5-10600kqm170atom_x5-e3940r680eceleron_4305uecore_i3-8140uxeon_platinum_8280core_m3-8100ycore_i9-10900kfcore_i3-10105pentium_n4200q170xeon_gold_6148fb460xeon_gold_6132celeron_n3350exeon_platinum_8256xeon_gold_6152xeon_platinum_8158hm570ecore_i7-8550ucore_i5-10310yceleron_n3010atom_x6211exeon_gold_6222vpentium_j6426core_i5-10500hxeon_platinum_8176xeon_gold_6242core_i5-8260uceleron_n2808celeron_j4025pentium_j4205c422qm175core_i7-10810ub250xeon_gold_6142xeon_platinum_8260yxeon_platinum_8270celeron_j6413c256xeon_gold_6242rxeon_gold_6128xeon_silver_4215core_i7-8850hxeon_gold_5118xeon_gold_6130fcore_i7-10610ucore_i3-10100fw680core_i7-8500yceleron_n2920atom_x6413eb360core_i5-10600xeon_silver_4214xeon_platinum_8276xeon_gold_6238txeon_silver_4210rxeon_silver_4214ycore_i7\+8700core_i5-8210yceleron_n6211xeon_gold_5218bxeon_gold_6138pcore_i5-8365uecore_i7-8665uexeon_platinum_8176fceleron_n4000celeron_n2830celeron_j3455exeon_gold_6240rpentium_n4200ecore_i3-10320core_i9-10900tcore_i5-8200ycore_i3-10300tcore_i5-8310yceleron_n3450qm580eceleron_n5100pentium_n3710celeron_n4020core_i5-8500xeon_gold_6209uh610xeon_silver_4112qm370celeron_j6412xeon_w-3223xeon_gold_6226xeon_gold_6256celeron_n2810xeon_gold_5120txeon_gold_6230rxeon_w-3175xcore_i7-8569uxeon_gold_6252atom_x6200fexeon_gold_6134q250z490core_i5-8265ucore_i5-10500txeon_w-3235h610epentium_gold_5405uxeon_gold_5218rxeon_gold_6226rcore_i3-1005g1celeron_j4005xeon_bronze_3206rcore_i3-8100bcore_i3-10305tcore_i3-8350kxeon_gold_6148c232core_i5-8600tcore_i5-8305gxeon_gold_6144pentium_silver_j5040core_i7-1065g7xeon_platinum_8260lcm238core_i7-8559ucore_i9-10900texeon_platinum_8180z390c420core_i3-8130uh470xeon_gold_5220tIntel(R) CSME software installerintel_csme_software_installer
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-40207
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR software
CWE ID-CWE-284
Improper Access Control
CVE-2022-40972
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 36.31%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-24 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Windows
CWE ID-CWE-284
Improper Access Control
CVE-2022-40539
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.80%
||
7 Day CHG-0.06%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Automotive Android OS

Memory corruption in Automotive Android OS due to improper validation of array index.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8295psa6155p_firmwarewsa8830sa6150p_firmwaresa8145p_firmwareqcs610sw5100pqcc5100wcn3988_firmwareqca6574ausa6145p_firmwaresa8155p_firmwarewsa8835sa8195pwcn3950_firmwarewsa8810_firmwaresa8150p_firmwarewcd9341_firmwaresw5100wsa8810sa6155pqcs410sw5100p_firmwareqcs610_firmwarewcd9370sa6145pwcd9341qca6696_firmwarewcn3980sa8145pqca6696qam8295pwcn3950wcd9370_firmwaresa8150psa6150pwsa8815sa8155pwsa8830_firmwareqam8295p_firmwarewcn3988wsa8815_firmwarewsa8835_firmwareqca6574au_firmwaresa8195p_firmwaresw5100_firmwareqcs410_firmwarewcn3980_firmwaresa8295p_firmwareqcc5100_firmwareSnapdragonsa6155p_firmwaresa6150p_firmwaresa8145p_firmwareqca6696_firmwarewcd9370_firmwarewcn3988_firmwarewsa8830_firmwaresa6145p_firmwaresa8155p_firmwareqam8295p_firmwarewcn3950_firmwarewsa8815_firmwarewsa8835_firmwarewsa8810_firmwaresa8150p_firmwarewcd9341_firmwareqca6574au_firmwaresa8195p_firmwaresw5100_firmwareqcs410_firmwarewcn3980_firmwaresa8295p_firmwaresw5100p_firmwareqcs610_firmwareqcc5100_firmware
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-27838
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.7||HIGH
EPSS-0.04% / 12.59%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycameraFactoryCamera
CWE ID-CWE-284
Improper Access Control
CVE-2022-37341
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 10.17%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-07 Jan, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_controller_i225-lm_firmwareethernet_controller_i225-v_firmwareethernet_controller_i225-itethernet_adapter_complete_driverethernet_controller_i225-lmethernet_controller_i225-it_firmwareethernet_controller_i225-vIntel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmwareethernet_network_adapter_x710-t4lethernet_network_adapter_xl710-qda2_for_open_compute_projectethernet_network_adapter_e810-xxvda2ethernet_network_adapter_e810-2cqda2ethernet_network_adapter_e810-xxvda4ethernet_network_adapter_e810-xxvda2_for_ocp_3.0ethernet_network_adapter_x710-t4l_for_ocp_3.0ethernet_network_adapter_xl710-qda1_for_open_compute_project
CWE ID-CWE-284
Improper Access Control
CVE-2022-28184
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.13% / 31.88%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpugpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-284
Improper Access Control
CVE-2016-10408
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.12%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core.

QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-9206_lte_modemsd820_firmwareapq8037_firmwaresd626_firmware9206_lte_modem_firmwaresd626apq8037sd820sd821sd821_firmwareSnapdragonsd626_firmware9206_lte_modem_firmwaresd820_firmwareapq8037_firmwaresd821_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2022-34457
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.04%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 11:38
Updated-03 Apr, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-3263
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:30
Updated-16 Apr, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Measuresoft ScadaPro Server Improper Access Control

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

Action-Not Available
Vendor-measuresoftMeasuresoft
Product-scadapro_serverScadaPro Server
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2012-6689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.93%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-2225
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-8.1||HIGH
EPSS-0.04% / 13.91%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 11:35
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zero Trust Secure Web Gateway policies bypass using WARP client subcommands

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warpWARP
CWE ID-CWE-284
Improper Access Control
CVE-2023-52712
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.68%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 06:22
Updated-17 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-curiem-wfg9b_firmwarecuriem-wfg9bCurieM-WFG9B
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found