Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-33673

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Apr, 2024 | 00:00
Updated At-21 Aug, 2024 | 20:34
Rejected At-
Credits

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Apr, 2024 | 00:00
Updated At:21 Aug, 2024 | 20:34
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.veritas.com/support/en_US/security/VTS24-002#H2
N/A
Hyperlink: https://www.veritas.com/support/en_US/security/VTS24-002#H2
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.veritas.com/support/en_US/security/VTS24-002#H2
x_transferred
Hyperlink: https://www.veritas.com/support/en_US/security/VTS24-002#H2
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Veritas Technologies LLCveritas
Product
backup_exec
CPEs
  • cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 22.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Apr, 2024 | 02:15
Updated At:30 Jun, 2025 | 14:22

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Veritas Technologies LLC
veritas
>>backup_exec>>Versions from 21.0(inclusive) to 23.0(exclusive)
cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.veritas.com/support/en_US/security/VTS24-002#H2cve@mitre.org
Vendor Advisory
https://www.veritas.com/support/en_US/security/VTS24-002#H2af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.veritas.com/support/en_US/security/VTS24-002#H2
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.veritas.com/support/en_US/security/VTS24-002#H2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

238Records found
CVE-2025-21470
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.94%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Camera Driver

Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8845_firmwarewsa8840wcd9370wcd9340_firmwarewcd9385sc8380xpwcd9341_firmwaresnapdragon_7c\+_gen_3_compute_firmwarefastconnect_6700qca6420sc8280xp-abbbqca6430wsa8815_firmwarewcd9370_firmwareqcm6490_firmwarewcd9340wcd9341qcm6490wsa8810_firmwarewsa8845h_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwareqca6391_firmwareqca6430_firmwarefastconnect_6800_firmwareqcs5430wsa8845hwcd9380_firmwareqcm5430sc8180x-acafsc8180x-ad_firmwareqcm5430_firmwarewsa8815wsa8830sc8380xp_firmwarefastconnect_6800wcd9375_firmwarefastconnect_7800_firmwarefastconnect_6900qca6391qcs5430_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380fastconnect_6200sc8280xp-abbb_firmwarefastconnect_7800sc8180x-acaf_firmwarewcd9375wsa8845fastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresc8180x-adwsa8835_firmwaresc8180x-aaabwsa8810sc8180x-aaab_firmwareqcs6490fastconnect_6200_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformaqt1000Snapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21359
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.08%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Security Feature Bypass Vulnerability

Windows Kernel Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-284
Improper Access Control
CVE-2025-21425
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.01%
||
7 Day CHG+0.07%
Published-07 Apr, 2025 | 10:15
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Automotive Linux OS

Memory corruption may occur due top improper access control in HAB process.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa7775psa8620psrv1h_firmwaresa7255pqca6595au_firmwaresa8540p_firmwareqamsrv1m_firmwaresa6145p_firmwaresa8255psa6155p_firmwaresa8195pqca6698aqsa8295psa8145p_firmwaresa8295p_firmwaresa8775psa8150psa6150p_firmwareqam8295p_firmwareqam8620pqca6574au_firmwaresa8145pqamsrv1msa8540psa8770psa6150psrv1m_firmwareqca6696qamsrv1h_firmwareqca6574ausa8775p_firmwareqca6595_firmwareqca6688aq_firmwareqam8295psrv1l_firmwareqca6696_firmwaresa8770p_firmwaresa6155pqca6595ausrv1hqca6688aqsa6145pqamsrv1hqca6595qam8775pqam8255pqam8650p_firmwaresa8255p_firmwareqam8620p_firmwaresa9000psa7255p_firmwaresa8620p_firmwaresrv1lsa8650psa8155p_firmwaresa9000p_firmwaresa8155pqam8775p_firmwaresa8650p_firmwareqam8255p_firmwaresa7775p_firmwareqca6698aq_firmwaresa8150p_firmwaresrv1mqam8650psa8195p_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2025-21469
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.94%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Camera Driver

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs5430wsa8845_firmwarewsa8840wsa8845hwcd9380_firmwarewcd9370qcm5430qcm5430_firmwarewsa8830wcd9385sc8380xpsnapdragon_7c\+_gen_3_compute_firmwaresc8380xp_firmwarefastconnect_6700sc8280xp-abbbwcd9375_firmwarefastconnect_6900fastconnect_7800_firmwarewcd9370_firmwareqcs5430_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380qcm6490_firmwaresc8280xp-abbb_firmwarefastconnect_7800wcd9375qcm6490wsa8845fastconnect_6700_firmwarewsa8845h_firmwarevideo_collaboration_vc3_platform_firmwareqcs6490_firmwarewsa8835_firmwareqcs6490snapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21105
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 14.48%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 12:10
Updated-31 Jul, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for VMs
CWE ID-CWE-284
Improper Access Control
CVE-2025-1865
Matching Score-4
Assigner-cirosec GmbH
ShareView Details
Matching Score-4
Assigner-cirosec GmbH
CVSS Score-8.5||HIGH
EPSS-0.11% / 29.54%
||
7 Day CHG+0.05%
Published-04 Apr, 2025 | 09:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in Virtual CloneDrive Kernel Driver

The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM.

Action-Not Available
Vendor-Elaborate Bytes AG
Product-Virtual CloneDrive
CWE ID-CWE-284
Improper Access Control
CVE-2025-54871
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.49%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 00:03
Updated-09 Oct, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.

Action-Not Available
Vendor-electroncapturesteveseguin
Product-electron_captureelectroncapture
CWE ID-CWE-284
Improper Access Control
CVE-2025-10491
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.34%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 16:04
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MongoDB Windows installation MSI may leave ACLs unset on custom installation directories

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5

Action-Not Available
Vendor-MongoDB, Inc.
Product-MongoDB Server
CWE ID-CWE-284
Improper Access Control
CVE-2024-9576
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.08% / 24.04%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 14:28
Updated-12 Nov, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in Linux Workbooth Distro

Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script.

Action-Not Available
Vendor-workbooth_projectLinux Workboothlinux_workbooth
Product-workboothLinux Workboothlinux_workbooth
CWE ID-CWE-284
Improper Access Control
CVE-2024-9157
Matching Score-4
Assigner-Synaptics, Inc.
ShareView Details
Matching Score-4
Assigner-Synaptics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.07%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:28
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability in CxUIUSvc service

** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.

Action-Not Available
Vendor-Synaptics
Product-Synaptics Audio Driver
CWE ID-CWE-284
Improper Access Control
CVE-2023-40071
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.84%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA software installers
CWE ID-CWE-284
Improper Access Control
CVE-2023-38561
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-25 Oct, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-extreme_tuning_utilityIntel(R) XTU software
CWE ID-CWE-284
Improper Access Control
CVE-2020-10143
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.35%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 22:35
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Action-Not Available
Vendor-macriumMacrium
Product-reflectReflect
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-665
Improper Initialization
CVE-2024-7553
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-7.3||HIGH
EPSS-0.22% / 44.78%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 09:57
Updated-19 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Accessing Untrusted Directory May Allow Local Privilege Escalation

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue

Action-Not Available
Vendor-MongoDB, Inc.Microsoft Corporation
Product-windows_server_2016windows_10_1803windows_11_22h2windows_10_1507windows_11_21h2c_driverwindows_10_21h1windows_11_23h2windows_10_1511mongodbwindows_10_21h2windows_10_1809windows_10_1709windows_10_2004php_driverwindows_10_1903windows_10_1909windows_11windows_10_22h2windows_10_20h2windows_server_2022windows_10_1703windows_server_2019windows_10_1607MongoDB PHP DriverMongoDB ServerMongoDB C Driver
CWE ID-CWE-284
Improper Access Control
CVE-2023-32477
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.88%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 07:18
Updated-23 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-common_event_enablerCommon Event Enabler
CWE ID-CWE-284
Improper Access Control
CVE-2023-32479
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.25%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:09
Updated-22 Aug, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Security Management Server (Windows)Dell Endpoint Security Suite EnterpriseDell Encryptionsecurity_management_serverencryptionendpoint_security_suite_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2023-32458
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.06% / 19.76%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 15:52
Updated-23 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-appsyncDell EMC AppSync
CWE ID-CWE-284
Improper Access Control
CVE-2020-25238
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 29.81%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_process_control_system_neototally_integrated_automation_portalPCS neo (Administration Console)TIA Portal
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-33071
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.07% / 20.18%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-25 Feb, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Automotive OS Platform Android

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6145psa6155p_firmwaresa6150p_firmwaresa8145p_firmwaresa8145psa8155_firmwareqca6574_firmwaresa8150psa6150pqca6574ausa8155psa6145p_firmwaresa8155p_firmwareqca6574sa8195psa8155qca6574a_firmwaresa8150p_firmwareqca6574au_firmwaresa8195p_firmwareqca6595au_firmwareqca6595ausa6155sa6155_firmwaresa6155pqca6574aSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-24485
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-workspaceCitrix Workspace App for Windows
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-32204
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-14 Aug, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-one_boot_flash_updateIntel(R) OFU softwareone_boot_flash_update
CWE ID-CWE-284
Improper Access Control
CVE-2023-28066
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 15:40
Updated-08 Jan, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-28051
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.64%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 07:20
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28070
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.64%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 08:05
Updated-30 Jan, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-31019
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.69%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-284
Improper Access Control
CVE-2023-27509
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 14.90%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-02 Oct, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ispc_software_installerIntel(R) ISPC software installers
CWE ID-CWE-284
Improper Access Control
CVE-2023-25773
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 19.98%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-uniteIntel(R) Unite(R) Hub software installer for Windows
CWE ID-CWE-284
Improper Access Control
CVE-2023-25496
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 21:13
Updated-30 Jan, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementLenovo Drivers Management
CWE ID-CWE-284
Improper Access Control
CVE-2023-25174
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.17%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-12 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Driver Software
CWE ID-CWE-284
Improper Access Control
CVE-2023-29157
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-30 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-one_boot_flash_updateIntel(R) OFU software
CWE ID-CWE-284
Improper Access Control
CVE-2024-23360
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 25.98%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-09 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Windows

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830fastconnect_6900wsa8845wcd9380sc8380xp_firmwarewsa8835fastconnect_7800wcd9385_firmwarefastconnect_6900_firmwaresc8280xp-abbb_firmwarewcd9385fastconnect_6700fastconnect_6700_firmwaresnapdragon_7c\+_gen_3_computesc8280xp-abbbwsa8830_firmwarewsa8845h_firmwarewsa8840fastconnect_7800_firmwarewsa8845_firmwarewcd9380_firmwaresc8380xpwsa8835_firmwarewsa8840_firmwarewsa8845hsnapdragon_7c\+_gen_3_compute_firmwareSnapdragonsnapdragon_7c\+_gen_3_compute_firmwarefastconnect_7800_firmwarewsa8835_firmwarewsa8845_firmwarewsa8845h_firmwaresc8380xp_firmwarewsa8830_firmwarefastconnect_6900_firmwarewcd9385_firmwarefastconnect_6700_firmwarewsa8840_firmwarewcd9380_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-23351
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.11% / 28.68%
||
7 Day CHG+0.03%
Published-06 May, 2024 | 14:32
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Graphics Linux

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresw5100pwsa8845_firmwarewsa8832snapdragon_480_5g_mobileqca6595srv1mqca6678aqwcd9370qca6696wcd9395_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700qcs6125_firmwaresnapdragon_685_4g_mobilewsa8815_firmwarewsa8832_firmwaresa8195p_firmwarewcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwareqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwareqcs6125flight_rb5_5gsa9000p_firmwaresrv1hqca6797aq_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcm6125_firmwaressg2115psw5100_firmwaresnapdragon_8_gen_3_mobile_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformsa7255pwcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarerobotics_rb5_firmwarewcd9380qam8255psxr2230pqcs4490snapdragon_680_4g_mobilewsa8845sa6155pqcm6125sxr1230pwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psrv1h_firmwaresw5100video_collaboration_vc3_platformqca6595ausnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesg8275pwcd9370_firmwareflight_rb5_5g_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobileqcm4490sa8195pqcs8250_firmwaresnapdragon_480\+_5g_mobile_firmwareqamsrv1mrobotics_rb5talynplusqcm6490qam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwarewcn3980_firmwareqrb5165n_firmwareqca6574sa8775pwsa8835qca6595au_firmwareqca6391_firmwaresxr2230p_firmwarewsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwarewcd9380_firmwareqca6574_firmwaresa8155p_firmwarewsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550pqcm4325_firmwaresa8620psa8255p_firmwareqca6574a_firmwaresnapdragon_4_gen_1_mobileqamsrv1m_firmwaresnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqca6391qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwareqrb5165nsa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8650pqam8775p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375snapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490qcs8250snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqcm4490_firmwareqcm5430_firmwareqcs6125_firmwareqcs7230_firmwareqam8650p_firmwareqcm6125_firmwarerobotics_rb5_platform_firmwareqcm8550_firmwarefastconnect_6900_firmwareqca6698aq_firmwareqca6391_firmwareqcs8550_firmwareqrb5165n_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqam8255p_firmwarefastconnect_6700_firmwareqca6797aq_firmwareqcs5430_firmwareqam8295p_firmwareflight_rb5_5g_platform_firmwareqam8775p_firmwareqamsrv1h_firmwarefastconnect_7800_firmwareqcm4325_firmwareqcs6490_firmwareqca6595_firmwareqca6574a_firmwaresa6155p_firmwareqcm6490_firmwareqca6678aq_firmwareqca6574_firmwareqca6574au_firmwareqcs8250_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcs4490_firmwarefastconnect_6200_firmwareqca6595au_firmwareqca6696_firmwareqamsrv1m_firmwarequalcomm_video_collaboration_vc1_platform_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-29242
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.04%
||
7 Day CHG-0.02%
Published-12 May, 2023 | 14:01
Updated-24 Jan, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_rendering_toolkitoneapi_base_toolkitoneapi_ai_analytics_toolkitoneapi_dl_framework_developer_toolkitoneapi_hpc_toolkitoneapi_iot_toolkitIntel(R) oneAPI Toolkits
CWE ID-CWE-284
Improper Access Control
CVE-2023-28246
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.56%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Registry Elevation of Privilege Vulnerability

Windows Registry Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_11_22h2windows_server_2022Windows Server 2022Windows 11 version 21H2Windows 11 version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-27517
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 17.92%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-20 Feb, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nmc2xxd128gpsu4nma1xxd128gpsu4optane_persistent_memory_firmwarenmc2xxd512gpsu4nmb1xxd128gpsufnmb1xxd256gpsu4nmb1xxd128gpsu4nma1xxd512gpsufnma1xxd128gpsufnmc2xxd256gpsu4nmb1xxd512gpsu4nma1xxd256gpsufnmb1xxd256gpsufnmb1xxd512gpsufnma1xxd512gpsu4nma1xxd256gpsu4Intel(R) Optane(TM) PMem softwareoptane_persistent_memory_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-24844
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.70%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-27 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830qca8337_firmwarewcd9380_firmwareqca8337sg8275p_firmwareqru1032qcm8550qdu1010_firmwareqru1052ar8035_firmwareqdx1011qdu1000wsa8840wsa8835qdu1110_firmwarewcn3950_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380fastconnect_6700snapdragon_x70_modem-rf_systemwcd9370snapdragon_4_gen_2_mobile_platform_firmwareqdu1110sg8275psnapdragon_8_gen_2_mobile_platformqru1062wcd9385_firmwarewsa8845wcn3950qcn6024_firmwarewsa8815qru1032_firmwarewsa8845_firmwaresnapdragon_4_gen_2_mobile_platformqcn9024wsa8845h_firmwareqca8081_firmwarefastconnect_7800snapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwareqcs4490_firmwaresnapdragon_x70_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemwsa8840_firmwarewsa8832_firmwarefastconnect_6900fastconnect_6900_firmwareqcs8550_firmwarewcn3988_firmwareqru1062_firmwareqdu1010qdx1011_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810wsa8845hwsa8832wcd9395_firmwareqdx1010_firmwareqdu1000_firmwareqca8081sm8550pqcm4490wcd9385qcs4490wcd9395qcs8550ar8035qru1052_firmwarewcd9370_firmwaresm8550p_firmwareqdx1010wcd9390wcd9390_firmwarewsa8830_firmwareqcn6024qdu1210wcn3988wsa8815_firmwarewsa8835_firmwareqdu1210_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2025-46691
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.71%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:31
Updated-09 Mar, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-premiercolorPremierColor
CWE ID-CWE-284
Improper Access Control
CVE-2025-47161
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.36% / 89.05%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 19:21
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_endpointMicrosoft Defender for Endpoint for Linux
CWE ID-CWE-284
Improper Access Control
CVE-2023-22618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.04% / 13.90%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 00:00
Updated-20 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

Action-Not Available
Vendor-n/aNokia Corporation
Product-wavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_and_f2b_fans_firmwarewavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ops_and_f2b_fans_firmwarewavelite_metro_200_ops_and_f2b_fanswavelite_metro_200_ne_and_f2b_fanswavelite_metro_200_ops_and_fans_firmwarewavelite_metro_200_and_fan_firmwarewavelite_metro_200_ne_ops_and_f2b_fans_firmwarewavelite_metro_200_and_f2b_fans_firmwaren/awavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ne_and_f2b_fans
CWE ID-CWE-284
Improper Access Control
CVE-2023-22312
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 28.38%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc11dbbi7_firmwarenuc_11_pro_kit_nuc11tnkv7_firmwarenuc_11_enthusiast_kit_nuc11phki7cnuc_11_pro_kit_nuc11tnhv7nuc_11_performance_kit_nuc11pahi3_firmwarenuc_board_nuc8cchbnuc_11_pro_kit_nuc11tnhv50lnuc_11_pro_mini_pc_nuc11tnkv7_firmwarenuc_11_pro_mini_pc_nuc11tnkv5lapkc71f_firmwarenuc_11_performance_kit_nuc11pahi3nuc_11_compute_element_cm11ebi58wnuc_8_rugged_kit_nuc8cchkrn_firmwarenuc_11_performance_mini_pc_nuc11paqi50wanuc11dbbi7nuc_m15_laptop_kit_lapbc710_firmwarenuc_11_performance_kit_nuc11paki7_firmwarenuc_11_performance_mini_pc_nuc11paqi50wa_firmwarenuc_board_nuc8cchb_firmwarenuc_8_rugged_board_nuc8cchbn_firmwarenuc_11_performance_kit_nuc11pahi50z_firmwarenuc_11_performance_kit_nuc11pahi7nuc_11_pro_kit_nuc11tnhv7_firmwarenuc_11_performance_mini_pc_nuc11paqi70qa_firmwarenuc_11_pro_kit_nuc11tnkv5_firmwarenuc_11_performance_kit_nuc11pahi50znuc_11_compute_element_cm11ebc4wnuc11dbbi9nuc_11_performance_kit_nuc11pahi30znuc_11_pro_board_nuc11tnbv7_firmwarenuc_11_pro_kit_nuc11tnhv70lnuc_11_performance_kit_nuc11pahi30z_firmwarenuc_11_compute_element_cm11ebc4w_firmwarenuc_8_rugged_board_nuc8cchbnnuc_11_pro_mini_pc_nuc11tnkv5_firmwarenuc_11_pro_board_nuc11tnbv5nuc_11_pro_board_nuc11tnbv5_firmwarenuc_11_performance_kit_nuc11paki5nuc_11_compute_element_cm11ebi38w_firmwarenuc_11_performance_kit_nuc11paki3_firmwarenuc_m15_laptop_kit_lapbc710nuc_11_performance_kit_nuc11paki5_firmwarenuc_11_compute_element_cm11ebi716w_firmwarenuc_11_performance_kit_nuc11pahi70z_firmwarenuc11btmi9nuc_11_compute_element_cm11ebi38wlapkc71flapkc51e_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caanuc_11_performance_kit_nuc11pahi5_firmwarenuc_11_pro_kit_nuc11tnhv5_firmwarenuc_11_pro_kit_nuc11tnkv5nuc_11_performance_kit_nuc11paki7nuc_11_compute_element_cm11ebi58w_firmwarenuc_8_rugged_kit_nuc8cchkrnuc_11_performance_kit_nuc11pahi70znuc_11_performance_kit_nuc11pahi5nuc11dbbi9_firmwarenuc_11_performance_kit_nuc11paki3nuc_11_performance_kit_nuc11pahi7_firmwarenuc_11_pro_kit_nuc11tnkv50z_firmwarenuc_8_rugged_kit_nuc8cchkr_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caa_firmwarenuc_11_pro_kit_nuc11tnhv50l_firmwarenuc_11_pro_mini_pc_nuc11tnkv7nuc_11_performance_mini_pc_nuc11paqi70qalapkc71enuc_11_pro_kit_nuc11tnkv7nuc_m15_laptop_kit_lapbc510nuc_11_compute_element_cm11ebi716wnuc_11_pro_kit_nuc11tnkv50znuc_11_enthusiast_kit_nuc11phki7c_firmwarenuc_11_pro_board_nuc11tnbv7lapkc51enuc_11_pro_kit_nuc11tnhv5nuc_8_rugged_kit_nuc8cchkrnnuc11btmi7_firmwarelapkc71e_firmwarenuc11btmi9_firmwarenuc_m15_laptop_kit_lapbc510_firmwarenuc_11_pro_kit_nuc11tnhv70l_firmwarenuc11btmi7Intel(R) NUC BIOS firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-21673
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.7||HIGH
EPSS-0.02% / 7.00%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Kernel

Improper Access to the VM resource manager can lead to Memory Corruption.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareqcm8550_firmwarevision_intelligence_300_platformsd865_5gqca6595wcd9370qca8081_firmwaresm7250-absnapdragon_x50_5g_modem-rf_systemqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcc710_firmwareqca6426sc8180x-abwcn6740_firmwarefastconnect_6700sc8280xp-ab_bb_firmwaresm7325-ae_firmwarewsa8832_firmwareqca8337qdu1110qca6426_firmwarewcd9395qca6574au_firmwareqam8295pwcd9341qca6574auwcd9390wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresrv1hfastconnect_6800_firmwaresm8150-acsnapdragon_4_gen_2_mobile_platform_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformsc8180xp-ac_af_firmwaresa8540psm7250-aa_firmwareqsm8350_firmwarerobotics_rb3_platformfastconnect_6900qru1032_firmwareqfw7114wcd9385_firmwareqca6421snapdragon_x55_5g_modem-rf_systemqca6310qam8255p_firmwaresa8155_firmwaresnapdragon_888_5g_mobile_platform_firmwareqca6335snapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6421_firmwaresc8180x-adqca6564au_firmwarewsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000pqdu1000_firmwaresrv1h_firmwaresnapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7315_firmwareqdu1010wcd9326_firmwaresa6155p_firmwarewsa8840qcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqca6436_firmwareqcn9012snapdragon_8\+_gen_1_mobile_platformsc8280xp-ab_bbqcs4490_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaresm8250-ac_firmwareqca6420wcd9370_firmwaresnapdragon_845_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwareqdu1110_firmwareqdu1000qca6574asm7325-aeqca6174awcd9340qcs8250_firmwareqdu1210sm6150-acqca6335_firmwareqcm6490sa8540p_firmwaresm8150-ac_firmwaresm8550p_firmwareqcm8550wcn3988qca6574snapdragon_x75_5g_modem-rf_systemsm7325-afsxr2230p_firmwaresd675_firmwareqca6430_firmwaresc8180x-aaqcn9011qamsrv1hsdx57mwsa8845hsm7250-aawcd9326sa8155p_firmwareqca6564asa8155pwsa8830snapdragon_675_mobile_platformsm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwarevision_intelligence_400_platform_firmwaresa8255p_firmwareflight_rb5_5g_platform_firmwarear8035sa6155qrb5165m_firmwaresa8650p_firmwarerobotics_rb5_platformqcn6224qca6698aqwcn3950_firmwaressg2125p_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformsm7250-acfastconnect_6200sc8180x-aa_firmwaresd670sm7325p_firmwareqdx1011sa8150p_firmwaresc8180xp-aa_abfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwareqcs6490qcs8250fastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431snapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832sdx57m_firmwaresxr2130_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwareqrb5165msnapdragon_888_5g_mobile_platformsm8250-ab_firmwaresd888_firmwareqca6564ausc8180xp-adsm7325-af_firmwarewsa8815_firmwaresm8250-abqca8337_firmwaresg8275p_firmwareqca9377_firmwareqcm6490_firmwaresc8180xp-aa_ab_firmwaresm8350-ac_firmwaresm7250p_firmwareqcm4490_firmwaresnapdragon_855_mobile_platformqru1032robotics_rb3_platform_firmwarewcn3950sc8180xp-ac_afflight_rb5_5g_platformsnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformsa8295p_firmwaresd_675_firmwaresm7250psa8155sd_8cx_firmwaresc8180x-ad_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqcn6274_firmwaresd888qcn9011_firmwareqru1062_firmwaresnapdragon_4_gen_2_mobile_platformwcn6740qru1062qca6310_firmwarefastconnect_6800qfw7114_firmwareqcs7230sm8250-acqca6595_firmwarefastconnect_7800_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwaresa8150psc8180x-ac_af_firmwarevision_intelligence_300_platform_firmwaresnapdragon_778g_5g_mobile_platformsnapdragon_x24_lte_modemsxr1230pvideo_collaboration_vc3_platformaqt1000snapdragon_865_5g_mobile_platform_firmwareqam8295p_firmwaresd855qca6431_firmwaresc8180x-ab_firmwarewcn3990_firmwaresm7315qca6698aq_firmwareqca6564a_firmwarewcd9385sc8180x-ac_afqsm8350sa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwareqca6430sg8275psdx55_firmwareqdx1011_firmwaresc8180xp-ad_firmwaresm7250-ab_firmwaressg2125pqru1052sxr2130qcm4490qca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresm6150-ac_firmwaresnapdragon_x65_5g_modem-rf_systemsd855_firmwarewcn3980_firmwareqrb5165n_firmwareqca6436qcn6274qfw7124snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqca6595au_firmwareqdu1010_firmwaresnapdragon_ar2_gen_1_platformqca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqam8775pqca9377qca6797aqvision_intelligence_400_platformqca6574a_firmwaresdx55sd675sd_8_gen1_5g_firmwarewcd9375_firmwareqca6391snapdragon_778g_5g_mobile_platform_firmwareqcn9012_firmwareqru1052_firmwaresnapdragon_670_mobile_platformsnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_x50_5g_modem-rf_system_firmwareqcs8550robotics_rb5_platform_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwarewcd9375wcn3988_firmwareqamsrv1h_firmwaresd_675sd_8cxwsa8835_firmwaressg2115p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980sm7250-ac_firmwareqdx1010Snapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2023-21642
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.80%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 05:08
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in HAB Memory Management

Memory corruption in HAB Memory management due to broad system privileges via physical address.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6145psa6155p_firmwaresa6150p_firmwaresa8145p_firmwareqca6696_firmwaresa8145pqca6696qam8295psa9000psa8150psa6150pqca6574ausa8155psa6145p_firmwaresa8155p_firmwareqam8295p_firmwaresa8195psa8540p_firmwaresa9000p_firmwaresa8150p_firmwareqca6574au_firmwaresa8195p_firmwaresa6155psa8540psa8295p_firmwaresa8295pSnapdragonsa6145p_firmwaresa6155p_firmwaresa8155p_firmwaresa6150p_firmwareqam8295p_firmwaresa8145p_firmwaresa8540p_firmwareqca6696_firmwaresa9000p_firmwareqca6574au_firmwaresa8150p_firmwaresa8195p_firmwaresa8295p_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-21670
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.19%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-07 Jan, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access control in GPU Subsystem

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresm7325-ae_firmwaresa6150p_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qam8775psnapdragon_212_mobile_platformwcn3950_firmwaresa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155qca6335sm8350sdm670csra6620_firmwareqcs605_firmwarecsra6640_firmwarewcn685x-1qcs400_firmwaresm7350-ab_firmwaresda845_firmwaresnapdragonwear_4100\+_platformsm4375wcn3998qam8295pwcn3950qcn6024_firmwaresm4125wcn3660bsm7150-acqsm8350_firmwareqsm8350sm7315_firmwaresm7325-aesnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420sda845snapdragon_auto_5g_modem-rf_firmwaresm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsa4155p_firmwaresa8155_firmwaresnapdragon_7c\+_gen3_computesm7250-ab_firmwareqca6430wcd9340sw5100qca6436sa6155pqca6698aq_firmwaresnapdragon_690_5g_mobile_platformmsm8905wcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255psnapdragon_ar2_gen1_platform_firmwareqca6696_firmwaresnapdragon_x12_lte_modemqca6797aqwcn3910_firmwaresm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresm7225_firmwarewcn3988sd660_firmwaresm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresm6125_firmwaresa8295p_firmwarewcn3610snapdragon_675_mobile_platform_firmwarec-v2x9150wcn3991qca8337_firmwarewcd9380_firmwaressg2125psdm429wsw5100psdm429sd670_firmwareqca6574wcd9380qcs410snapdragon_210_processorsm7150-aa_firmwaresxr1230pqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcm4325_firmwareqcs605wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910sdm429_firmwareqcs8250qca6426_firmwaresm4450wcn3660b_firmwarewcn3680qcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasa8295psm8475_firmwarewcn6740_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemar8031_firmwarewcn3680_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresnapdragon_xr2\+_gen1_platformsdm660qca6797aq_firmwarewcn785x-1_firmwaresdm710sd670qcn9024_firmwareqcm4290_firmwaresnapdragon_x24_lte_modemwsa8832sw5100p_firmwareqcs610_firmwaresa6145par8031qcs4490qca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwarewcd9370_firmwareqm215_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psnapdragon_695_5g_mobile_platformssg2115p_firmwareqcs8155_firmwareqam8255psa4155par8035_firmwareqcm2290sdm845_firmwarewcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresa8145p_firmwaresm6125snapdragon_x24_lte_modem_firmwareqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwareqca6390_firmwaresd730_firmwarewcd9370ssg2115pqca6426wcn3990_firmwareqrb5165n_firmwaresm8450qca9377sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresnapdragon_w5\+_gen1_wearable_platformqam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemmsm8905_firmwarewcn3680b_firmwaresdx55_firmwaresnapdragon_7c\+_gen3_compute_firmwaresnapdragon_212_mobile_platform_firmwarewcn3615qca6595ausm7325-af_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwaresm4350-acqrb5165nsnapdragon_680_4g_mobile_platform_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwareqcs8155qcs6490qcs8550_firmwaresm8250_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqcn9074sa6145p_firmwareqm215sm6250sm7250-aasnapdragon_xr2\+_gen1_platform_firmwaresa8195psxr1120sdm710_firmwarewsa8810_firmwaresm4375_firmwaresm8450_firmwarewcd9326wcd9335sa8255p_firmwaresg4150pqca8081qcm4490qca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwaresm7150-abqca6390wcd9375ar8035aqt1000snapdragon_210_processor_firmwaresm6250_firmwaresnapdragon_662_mobile_platformwcn3620_firmwaresm8150wsa8815_firmwareqcm6490wsa8835_firmwarewcn3620sm7350-absxr1120_firmwaresa4150psg4150p_firmwarewcn785x-1qcm4325qcm2290_firmwarewcn3990sdm845sd865_5gsnapdragon_ar2_gen1_platformqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresdm429w_firmwarec-v2x9150_firmwaresnapdragon_auto_5g_modem-rfsm6250psxr2130ssg2125p_firmwareqca6574awcn685x-5_firmwareqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresm7250-abqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391aqt1000_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_w5\+_gen1_wearable_platform_firmwareqcm4290qcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformwcn685x-5qcn9011qca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwarewsa8810sm7250-aa_firmwaresm7250-acsnapdragon_680_4g_mobile_platformsm8150-ac_firmwarewcn3680bsm8350-acqam8650p_firmwaresnapdragon_675_mobile_platformwcn6740qca6696qcs8550snapdragonwear_4100\+_platform_firmwaresm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150pqcn6024sm7250psw5100_firmwareqcn9074_firmwareqcs410_firmwareqcs400sdm660_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21491
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.12% / 30.03%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2023-21488
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2023-21518
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 29.93%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-07 Nov, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-searchwidgetSamsung SearchWidget
CWE ID-CWE-284
Improper Access Control
CVE-2023-20224
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.86%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 21:43
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this vulnerability by authenticating to an affected device and using crafted commands at the prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. The attacker must have valid credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-thousandeyes_enterprise_agentCisco ThousandEyes Recorder Application
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2023-20065
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.84%
||
7 Day CHG-0.01%
Published-23 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_920-10sz-pdcatalyst_3850asr_907catalyst_9500hcatalyst_3850-16xs-scatalyst_3850-48pw-sasr_1000-esp200-xcatalyst_9300l-24t-4x-acatalyst_9300-48un-e4331_integrated_services_routercg522-easr_90064461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-aasr_901s-3sg-f-dasr_1000-esp100-xcatalyst_9300l-48t-4x-aasr_920-12sz-imcatalyst_8300catalyst_8500-4qccatalyst_3850-48u-lcatalyst_9800-80_wireless_controlleress-3300-ncp-acatalyst_8300-1n1s-6t8101-32fhcatalyst_9300l-24t-4g-easr_920-12cz-a_rcatalyst_3850-48xscatalyst_9800-clcatalyst_9300-48p-e1131_integrated_services_routercatalyst_9300-48t-ecatalyst_9600xcatalyst_3850-24xu-eess-3300-24t-con-e9800-40catalyst_9600catalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_8510msrcatalyst_9200lcatalyst_3850-24xucatalyst_9300-48uxm-e1109_integrated_services_routercatalyst_9400catalyst_3850-48t-l1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_9600_supervisor_engine-1ess-3300-24t-con-acatalyst_9800-40catalyst_9300l-48p-4x-acatalyst_9800catalyst_9300-48u-aasr_902u1100-4p_integrated_services_routerasr_903asr_9920asr_9906catalyst_ie3200_rugged_switchcatalyst_3850-48t-ecg418-e1101_integrated_services_routerasr_920-24tz-m_r8101-32hasr_920-24sz-m_ress-3300-24t-ncp-acatalyst_3850-12s-sasr_9010asr_920-4sz-d_rcatalyst_3850-24u-sasr_99021100_integrated_services_routerasr_901-4c-ft-dcatalyst_9300l-24t-4x-ecatalyst_9800-40_wireless_controllerasr_1002-hx_rasr_1006-xasr_920-12cz-acatalyst_9300l-24p-4g-aess-3300-24t-ncp-easr_901-12c-ft-dcatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_3850-32xs-scatalyst_9500asr_9001asr_901s-3sg-f-ah4221_integrated_services_routercatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_ie3400_heavy_duty_switchcatalyst_3850-24s-scatalyst_9300-48s-easr_1002-xasr_920-12cz-d_r8800_18-slotcatalyst_9300lcatalyst_ie3400_rugged_switch4451-x_integrated_services_routercatalyst_3850-48p-scatalyst_ie9300catalyst_8510csrasr_1002-hx1109-2p_integrated_services_routercatalyst_9200cxasr_920-10sz-pd_rcatalyst_8200asr_1000-esp100catalyst_9300-48t-acatalyst_3850-12s-ecatalyst_8500asr_920u-12sz-im8831catalyst_3850-24t-easr_900asr_901-6cz-ft-a4321_integrated_services_routercatalyst_3850-24xs-scatalyst_8300-1n1s-4t2x8804catalyst_ie3300_rugged_switchasr_1000catalyst_3850-48p-lcatalyst_8300-2n2s-4t2xasr_920-12sz-im_r88081100-8p_integrated_services_routercatalyst_9410rcatalyst_3850-nm-8-10gasr_901-12c-f-dcatalyst_3850-12xs-easr_901s-2sg-f-ahcatalyst_8540csrcatalyst_3850-32xs-e1100-6g_integrated_services_routercatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-easr_9148202catalyst_3850-24p-scatalyst_3850-24u9800-lcatalyst_9300l_stackasr_920-12cz-dcatalyst_9300l-24p-4g-easr_920-4sz-d111x_integrated_services_routercatalyst_9800-l8201-32fhasr_1013catalyst_8540msrasr_920-24sz-imcatalyst_3850-nm-2-40gcbr-8catalyst_9300lmcatalyst_9300-24t-easr_9000vcatalyst_3850-48t-scatalyst_9407rcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9800_embedded_wireless_controllercatalyst_9200catalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_9300l-48t-4g-aasr_920-24sz-mintegrated_services_virtual_routerasr_920-4sz-acatalyst_ie3200catalyst_3850-48p-ecatalyst_9800-80catalyst_8300-2n2s-6tasr_920-4sz-a_rcatalyst_9300l-48p-4x-eess-3300-con-aasr_901-6cz-ft-dasr_901-6cz-f-dess-3300-ncp-easr_9000catalyst_8500lcatalyst_9300-24s-ecatalyst_9300-48u-e1101-4p_integrated_services_routercatalyst_9300-48s-acatalyst_3850-24p-easr_1006catalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300asr_920-24sz-im_rcatalyst_3850-24xu-s4451_integrated_services_routerasr_9901catalyst_3850-24xs-ecatalyst_9400_supervisor_engine-1ess-3300-con-ecatalyst_ie3400catalyst_3850-24u-lcatalyst_9300l-24t-4g-a9800-clcatalyst_3850-48f-sasr_901-4c-f-d8800_8-slotasr_1001-hx_rcatalyst_9800-l-ccatalyst_3850-48f-e4000_integrated_services_router1000_integrated_services_routercatalyst_9300-48uxm-aasr_102388128818catalyst_9300-24p-aasr_1001esr6300catalyst_3850-48xs-easr_9904catalyst_9300-24u-acatalyst_3850-48uasr_1001-hxcatalyst_ie33008102-64hasr_1009-x8201catalyst_9300-24u-easr_901-6cz-f-acatalyst_3850-12x48ucatalyst_9300xcatalyst_9300-48un-aasr_1001-x_rasr_901-6cz-fs-dcatalyst_9300-24p-easr_1002-x_rasr_901s-4sg-f-dcatalyst_3850-48xs-f-easr_1002catalyst_9800-l-fasr_902asr_1004catalyst_9300l-48t-4x-ecatalyst_3850-24p-l1120_integrated_services_routercatalyst_3850-24xsasr_99038800_4-slotess9300-10x-e4431_integrated_services_router9800-80asr_901-6cz-fs-acatalyst_3850-24u-ecatalyst_3850-48xs-sios_xe1111x-8p_integrated_services_routerasr_9910asr_9912asr_99221109-4p_integrated_services_router8800_12-slotasr_1001-xasr_901s-2sg-f-dcatalyst_9300-24ux-e4351_integrated_services_routerasr_920-24tz-mCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CVE-2023-20927
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-284
Improper Access Control
CVE-2022-45112
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC software
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found