Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40460

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 May, 2025 | 00:00
Updated At-23 May, 2025 | 14:49
Rejected At-
Credits

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 May, 2025 | 00:00
Updated At:23 May, 2025 | 14:49
Rejected At:
▼CVE Numbering Authority (CNA)

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://drive.google.com/file/d/10M4x2jL_l-kPSZOOE_tUmBzCTCr0tMiF/view?usp=drive_link
N/A
https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
N/A
Hyperlink: https://drive.google.com/file/d/10M4x2jL_l-kPSZOOE_tUmBzCTCr0tMiF/view?usp=drive_link
Resource: N/A
Hyperlink: https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 May, 2025 | 19:15
Updated At:30 May, 2025 | 01:16

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ocuco
ocuco
>>innovation>>2.10.24.51
cpe:2.3:a:ocuco:innovation:2.10.24.51:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://drive.google.com/file/d/10M4x2jL_l-kPSZOOE_tUmBzCTCr0tMiF/view?usp=drive_linkcve@mitre.org
Permissions Required
https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.mdcve@mitre.org
Exploit
Hyperlink: https://drive.google.com/file/d/10M4x2jL_l-kPSZOOE_tUmBzCTCr0tMiF/view?usp=drive_link
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
Source: cve@mitre.org
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

720Records found
CVE-2021-34412
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.12%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 13:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.

Action-Not Available
Vendor-n/aZoom Communications, Inc.
Product-meetingsZoom Client for Meetings for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34456
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.86%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34459
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.74%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-19 Nov, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows AppContainer Elevation Of Privilege Vulnerability

Windows AppContainer Elevation Of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34461
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.75%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34477
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.15%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-.net_education_bundle_sdk_install_tool.net_install_tool_for_extension_authors.NET Education Bundle SDK Install Tool.NET Install Tool for Extension Authors
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34514
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.28%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3439
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.68%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:39
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)288_pro_g4_microtower_\(rom_family_ssid_843c\)proone_600_g4_21.5-inch_touch_all-in-one_business_pc290_g2_small_form_factor_\(rom_family_ssid_8768\)_firmwareelitebook_x360_1040_g7_firmwareelite_slice_g2_with_microsoft_teams_roomszbook_15_g4probook_450_g3prodesk_600_g5_small_form_factor_pczhan_66_pro_15_g2_firmwareproone_490_g3_\(rom_family_ssid_81b7\)zhan_86_pro_g1_microtower_pcelitedesk_800_g2_tower_pceliteone_1000_g1_23.8-in_touch_all-in-one_business_pcprobook_430_g7elitedesk_800_35w_g4_desktop_mini_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmwarez4_g4_workstation_\(core-x\)_firmwareelitebook_x360_1030_g7_firmwaredesktop_pro_g1_microtower_\(rom_family_ssid_843c\)_firmwareelitebook_840_g3elitebook_x360_1030_g4_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)zhan_66_pro_13_g2elitebook_folio_g1_firmwareeliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmwareprobook_430_g8probook_440_g8probook_x360_11_g4_education_edition_firmwarezbook_17_g6zbook_firefly_15_g7engage_flex_pro_retail_systemzbook_17_g3256_g4_firmwareelite_sliceproone_440_g3_\(rom_family_ssid_81b7\)z2_small_form_factor_g5240_g6probook_640_g3prodesk_400_g6_small_form_factor_pcelitedesk_800_g6_tower_pc200_g3_all-in-one_\(rom_family_ssid_8431\)prodesk_600_g5_desktop_mini_pc340s_g7_firmwareelitedesk_800_g4_tower_pcelitebook_1040_g3240_g4z2_mini_g5_firmwaredesktop_pro_g2_microtower_pc_firmwareprobook_640_g4_firmwarezbook_studio_g7_firmwaremt31_thin_client_firmwareprodesk_600_g2_microtower_pc290_g4_microtower_\(rom_family_ssid_8948\)_firmwareprobook_440_g3prodesk_600_g3_desktop_mini_pc_firmwarez240_tower_firmwaredesktop_pro_g3406_microtower_pc_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc_firmwareelite_x2_1012_g1218_pro_g5_microtower_pcspectre_pro_13_g1_firmwareelite_x2_1012_g1_tabletmt31_thin_clientzbook_studio_x360_g5_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware260_g3_desktop_mini_pcprobook_450_g8_firmwareprobook_650_g7probook_430_g3280_pro_g3_microtower_pcelitedesk_880_g2_tower_pc_firmwareprodesk_400_g3_desktop_mini_pc_firmwareelitedesk_800_35w_g2_desktop_mini_pc_firmwaremp9_g2_retail_system_firmware340_g3elite_slice_g2_with_zoom_rooms_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)z2_mini_g3290_g2_small_form_factor_\(rom_family_ssid_86e9\)stream_11_pro_g4z2_tower_g4_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_800_g2_tower_pc_firmwareengage_flex_pro_retail_system_firmware346_g3_firmwareprodesk_400_g3_desktop_mini_pcengage_flex_pro-c_retail_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pc_firmwarezbook_15v_g5_mobile_workstationelitedesk_800_g4_small_form_factor_pceliteone_800_g5_23.8-in_healthcare_edition_all-in-oneprobook_x360_11_g6_education_edition_firmwareprodesk_480_g4_microtower_pcelite_dragonfly_g2engage_one_pro_aio_system_firmwarezbook_14u_g5probook_430_g4prodesk_480_g7_pci_microtower_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)engage_gomobile_systemprobook_430_g7_firmwarezbook_14u_g4246_g6_firmware280_pro_g3_microtower_pc_firmwareeliteone_800_g2_23-inch_touch_all-in-one_pc280_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarez1_entry_tower_g5280_g3_small_form_factor_\(rom_family_ssid_843f\)_firmware290_g4_microtower_\(rom_family_ssid_877e\)probook_x360_11_g5_education_edition_firmwaredesktop_pro_g2_microtower_pcprodesk_480_g6_microtower_pc_firmwarez640_workstation_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc250_g5z2_tower_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc258_g6_firmwareelitedesk_800_g5_tower_pcprodesk_400_g4_desktop_mini_pc_firmware256_g4desktop_pro_g3_firmwareprodesk_600_g6_small_form_factor_pc_firmwareelitebook_x360_1040_g6elitedesk_800_g6_desktop_mini_pc_firmwarez240_small_form_factorelite_dragonflyzhan_x_13_g2348_g5zhan_66_pro_14_g3eliteone_800_g6_24_all-in-one_pc260_g4_desktop_mini_pc_firmwareprodesk_680_g4_microtower_pc_\(with_pci_slot\)zbook_15u_g6zcentral_4rprobook_630_g8zbook_15_g3_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)_firmware200_g3_all-in-one_\(rom_family_ssid_8431\)_firmwaremt22_thin_client_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc280_g3_small_form_factor_\(rom_family_ssid_843f\)probook_450_g4engage_one_all-in-one_systemprobook_630_g8_firmwareelitebook_1030_g1_firmwareengage_one_pro_aio_systemeliteone_800_g3_23.8-inch_touch_all-in-one_pcengage_gomobile_system_firmwaremt21_thin_client_firmwareprobook_446_g3256_g5zhan_66_pro_g1_r_microtower_pc_firmwareprodesk_600_g4_small_form_factor_pcspectre_pro_x360_g2256_g5_firmwareprobook_640_g8_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)_firmware340_g5_firmwareprodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pc290_g2_small_form_factor_\(rom_family_ssid_86e9\)_firmwarestream_11_pro_g5elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms240_g7_firmwareelitebook_840_g3_firmware240_g4_firmware246_g4probook_430_g5_firmware346_g4290_g1_small_form_factor_\(rom_family_ssid_843f\)_firmwareelite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwarez240_small_form_factor_firmwareelite_slice_firmwarezbook_power_g7_firmwarezhan_66_pro_15_g3290_g3_\(rom_family_ssid_86e9\)_firmwarez2_tower_g5zbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcz2_small_form_factor_g4_firmwaremt20_thin_client_firmwareprodesk_600_g4_small_form_factor_pc_firmwareprodesk_400_g7_microtower_pc_firmwareprobook_x360_11_g5_education_editionz1_all-in-one_g3_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwaredesktop_pro_g2z840_workstation250_g6elitebook_x360_1040_g5_firmwareprodesk_680_g6_pci_microtower_pc_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pcelitebook_x360_1040_g6_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)_firmwareelite_slice_g2_with_intel_uniteproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware250_g5_firmwarezhan_66_pro_14_g4_firmwarezhan_66_pro_g1eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware348_g4probook_430_g3_firmwareelitedesk_800_65w_g2_desktop_mini_pc_firmwarezbook_fury_15_g7_firmwareprobook_440_g4288_pro_g3_microtower250_g4_firmwareprodesk_600_g3_small_form_factor_pc_firmwareelitebook_840_g6zbook_15_g5z238_microtower_firmwarezbook_studio_g4mt21_thin_clientprodesk_680_g3_microtower_pcelitebook_828_g3prodesk_680_g4_microtower_pc_firmwareelitedesk_800_35w_g4_desktop_mini_pczbook_15u_g3470_g7elitedesk_800_g5_desktop_mini_pcprodesk_680_g2_microtower_pc_firmwareelitebook_x360_1040_g7z238_microtowerprodesk_400_g4_desktop_mini_pcprodesk_600_g6_small_form_factor_pcstream_11_pro_g4_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareprobook_470_g4elitebook_848_g3zhan_66_pro_g3_24_all-in-one_pc_firmware250_g6_firmwareprodesk_600_g6_microtower_pceliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmwareelite_x2_1012_g2elitebook_840_g6_firmwarez2_tower_g4probook_440_g4_firmware280_g4_small_form_factor_\(rom_family_ssid_86e9\)_firmwareprodesk_400_g5_desktop_mini_pcsprout_pro_by_g2240_g7elitebook_848_g3_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g4_microtower_pc_firmwareprodesk_600_g3_microtower_pc_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pcelitebook_x360_830_g6_firmwarezbook_create_g7proone_440_g4_23.8-inch_non-touch_all-in-one_business_pcproone_600_g6_22_all-in-one_pceliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcelitebook_840_g5_healthcare_editionelitedesk_800_g6_small_form_factor_pc_firmwareprodesk_400_g2_desktop_mini_pcelitedesk_800_g4_workstation_edition_firmwareelitedesk_800_g3_tower_pc_firmwarezhan_66_pro_g1_microtower_pc_firmwareprobook_470_g3zbook_14u_g6_firmwareprobook_x360_11_g3_education_editionprobook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3probook_x360_11_g2_education_edition_firmwareelitedesk_800_65w_g2_desktop_mini_pcprodesk_400_g5_small_form_factor_pc282_pro_g4_microtower_\(rom_family_ssid_843c\)proone_440_g3_\(rom_family_ssid_81b7\)_firmwareprodesk_600_g2_desktop_mini_pceliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmwareprobook_450_g7406_microtower_pcprodesk_600_g2_microtower_pc_firmwareelitebook_850_g3_firmwareprodesk_600_g6_pci_microtower_pcelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pcz2_mini_g4prodesk_680_g4_microtower_pc_\(with_pci_slot\)_firmwareprobook_650_g8_firmwareprobook_446_g3_firmwarezbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareelitedesk_800_g6_desktop_mini_pcdesktop_pro_microtower_pczhan_66_pro_15_g2280_g3_microtower_pc_firmwareelitedesk_800_g4_workstation_edition290_g1_small_form_factor_\(rom_family_ssid_843f\)proone_440_g5_23.8-in_all-in-one_business_pcelitebook_850_g4zhan_66_pro_g3_24_all-in-one_pc348_g3_firmwareelite_dragonfly_max205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwareelitedesk_800_g6_tower_pc_firmwareprodesk_600_g6_microtower_pc_firmware246_g7zbook_15_g6elitedesk_880_g6_tower_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elitebook_1040_g3_firmware280_g3_pci_microtower_pcelite_x2_1012_g2_firmwarezbook_15v_g5_mobile_workstation_firmwarerp9_g1_retail_systemprobook_650_g4elitebook_848_g4eliteone_800_g2_23-inch_non-touch_all-in-one_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_800_35w_g2_desktop_mini_pcprodesk_600_g5_small_form_factor_pc_firmware256_g7_firmware288_pro_g3_microtower_firmwareelitebook_1030_g1200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwarez1_entry_tower_g6_firmwareelitebook_840_g6_healthcare_edition_firmwarezbook_15u_g4_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmware340_g4_firmwareprobook_640_g7280_g5_microtower_\(rom_family_ssid_877e\)_firmwareprobook_450_g5_firmwaremt22_thin_clientz1_entry_tower_g6zbook_fury_17_g7340_g7_firmwarezbook_15u_g5258_g7elitedesk_800_65w_g3_desktop_mini_pcelitedesk_880_g2_tower_pceliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareengage_one_all-in-one_system_firmwareelite_x2_g4_firmwarezbook_15u_g3_firmwarezhan_66_pro_14_g3_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pcproone_400_g6_24_all-in-one_pc_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmware290_g4_microtower_\(rom_family_ssid_8948\)elitebook_830_g5prodesk_480_g5_microtower_pc_firmwaredesktop_pro_g2_firmwareelite_slice_for_meeting_roomsz240_tower280_g4_small_form_factor_\(rom_family_ssid_86e9\)mt20_thin_clientelitebook_folio_g1desktop_pro_300_g3zbook_17_g4proone_400_g2_20-inch_non-touch_all-in-one_pc_firmwaremp9_g4_retail_systemelitebook_840_g5_firmwarez2_small_form_factor_g5_firmwarezbook_14u_g6prodesk_400_g4_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwarezhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)_firmware250_g7_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmwareelitebook_1040_g4282_pro_g3_microtower_pcelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pc348_g3prodesk_400_g4_small_form_factor_pc_firmwareprobook_470_g4_firmwarerp9_g1_retail_system_firmwareprodesk_680_g6_pci_microtower_pc280_g4_microtower_\(rom_family_ssid_843c\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc_firmware348_g5_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)zhan_66_pro_15_g3_firmwareproone_600_g6_22_all-in-one_pc_firmware282_pro_g3_microtower_pc_firmwareelitebook_x360_830_g7elitebook_x360_1030_g3_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareelitebook_846_g5_firmwareprodesk_600_g3_microtower_pcelite_dragonfly_g2_firmware260_g4_desktop_mini_pcproone_400_g5_23.8-inch_all-in-one_business_pc246_g5256_g6_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)probook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)elitedesk_880_g3_tower_pczbook_fury_15_g7prodesk_680_g3_microtower_pc_firmwareprobook_650_g3200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)probook_640_g5_firmwareprobook_650_g2elitebook_x360_1040_g8prodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarez_vr_backpack_g1348_g7200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmwareelitebook_828_g4348_g7_firmwareprobook_650_g2_firmwarezbook_15_g3proone_600_g5_21.5-in_all-in-one_business_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)eliteone_1000_g2_34-in_curved_all-in-one_business_pcprobook_450_g7_firmwareprobook_650_g4_firmware240_g6_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)probook_640_g7_firmwarez2_mini_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_880_g6_tower_pcelitebook_x360_1030_g8zbook_create_g7_firmwareeliteone_800_g6_27_all-in-one_pcprodesk_600_g6_desktop_mini_pczbook_17_g6_firmwareelitedesk_800_g2_small_form_factor_pc_firmwarez_vr_backpack_g1_firmwareelitebook_840_g7zhan_66_pro_g1_microtower_pcz6_g4_workstationzbook_studio_g7elitebook_x360_1030_g2_firmware218_pro_g5_microtower_pc_firmware340_g4282_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarezhan_66_pro_14_g2elite_slice_g2_-_audio_ready_with_zoom_roomsz4_g4_workstation_\(xeon_w\)_firmwarepro_x2_612_g2z1_all-in-one_g3240_g5prodesk_400_g5_microtower_pcelitebook_850_g3prodesk_400_g5_microtower_pc_firmwareeliteone_800_g5_23.8-inch_all-in-one_firmwareelitedesk_880_g4_tower_pcelitedesk_800_g4_small_form_factor_pc_firmwareprobook_640_g3_firmwarez2_mini_g3_firmwaret430_thin_client_firmwareprobook_430_g4_firmwareprodesk_400_g6_desktop_mini_pc_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemprobook_650_g3_firmwareprobook_470_g5258_g6elitedesk_880_g5_tower_pc_firmware240_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareelitebook_x360_1030_g2elitebook_830_g7elite_dragonfly_max_firmwarespectre_pro_x360_g2_firmwareprodesk_400_g4_microtower_pc_firmwarezbook_x2_g4_firmwareelite_slice_for_meeting_rooms_firmwareproone_490_g3_\(rom_family_ssid_82dc\)340_g7z6_g4_workstation_firmwareprodesk_600_g4_desktop_mini_pc280_g4_small_form_factor_\(rom_family_ssid_8768\)290_g3_\(rom_family_ssid_86e9\)prodesk_600_g5_desktop_mini_pc_firmwareprobook_650_g5prodesk_600_g5_microtower_pcelitebook_x360_1020_g2_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pcz8_g4_workstation_firmwareeliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmwareprobook_440_g7eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc260_g2_desktop_mini340_g5proone_600_g2_21.5-inch_touch_all-in-one_pc_firmwareprobook_640_g8elitebook_830_g5_firmwareprodesk_680_g4_microtower_pc282_pro_g6_microtower_\(rom_family_ssid_8948\)346_g3mp9_g4_retail_system_firmwareprobook_650_g8elitebook_836_g6_firmware280_g3_pci_microtower_pc_firmwareelitedesk_800_g5_small_form_factor_pc_firmwareproone_400_g5_23.8-inch_all-in-one_business_pc_firmwareprobook_640_g2elitebook_850_g6_firmwaremp9_g2_retail_systemprobook_440_g3_firmware346_g4_firmwareelitebook_846_g5zbook_firefly_15_g7_firmwareprobook_440_g6282_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareproone_490_g3_\(rom_family_ssid_81b7\)_firmwaredesktop_pro_300_g3_firmware340_g3_firmwareelitedesk_800_g3_tower_pczbook_studio_x360_g5elitebook_x360_830_g7_firmwareproone_400_g6_20_all-in-one_pc205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmwarezhan_66_pro_g1_r_microtower_pcelitebook_840_g4_firmware250_g4probook_450_g8zbook_17_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pczbook_firefly_14_g7probook_640_g5zbook_17_g5_firmwareelitebook_850_g5246_g7_firmwareprodesk_600_g6_pci_microtower_pc_firmware200_g3_all-in-one_\(rom_family_ssid_84de\)_firmwareelitebook_840_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmwarezbook_15u_g5_firmwareprobook_650_g7_firmwarezhan_66_pro_14_g4eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareeliteone_800_g6_27_all-in-one_pc_firmwareelitebook_850_g7zbook_15_g6_firmwareprodesk_400_g7_small_form_factor_pc_firmwareelitebook_840_g5_healthcare_edition_firmwareprobook_x360_11_g3_education_edition_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmwarezbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmware260_g2_desktop_mini_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcelite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmwareproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)elitebook_x360_1040_g5elitebook_x360_1040_g8_firmwareelitebook_x360_830_g5_firmwareproone_400_g6_24_all-in-one_pcz640_workstation280_g3_microtower_pcproone_480_g3_20-inch_non-touch_all-in_one_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelite_dragonfly_firmwareelitebook_840_g4stream_11_pro_g5_firmwarez4_g4_workstation_\(core-x\)zhan_66_pro_14_g2_firmwareelitebook_820_g3_firmwarezbook_15_g5_firmware290_g2_microtower_\(rom_family_ssid_843c\)_firmwareeliteone_800_g5_23.8-inch_all-in-oneprobook_450_g5elite_slice_g2_with_intel_unite_firmwaret638_thin_client_firmwarez840_workstation_firmwareelitebook_840r_g4_firmwareprodesk_600_g3_small_form_factor_pcprobook_x360_11_g6_education_editioneliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pct638_thin_client280_pro_g4_microtower_\(rom_family_ssid_843c\)256_g7elitedesk_880_g4_tower_pc_firmwareprodesk_600_g2_small_form_factor_pc_firmwareelitedesk_800_g5_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware246_g6elitebook_x360_1030_g7290_g1_microtower_pczhan_x_13_g2_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware246_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_all-in-one_pcz8_g4_workstationelite_x2_1013_g3200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)desktop_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_65w_g4_desktop_mini_pcelitebook_850_g4_firmwareprobook_430_g6elitedesk_800_g2_small_form_factor_pcprodesk_400_g6_microtower_pc_firmwareelite_slice_g2_with_microsoft_teams_rooms_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_g6_small_form_factor_pcprobook_470_g3_firmwareprobook_450_g4_firmwareelitebook_850_g6470_g7_firmware290_g4_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_35w_g3_desktop_mini_pcprodesk_480_g6_microtower_pc280_g5_microtower_\(rom_family_ssid_877e\)probook_640_g2_firmwarezbook_fury_17_g7_firmwareelitebook_820_g4_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5290_g1_microtower_pc_firmware290_g2_small_form_factor_\(rom_family_ssid_8768\)probook_x360_11_g2_education_editionproone_440_g6_24_all-in-one_pc_firmwareproone_440_g3_\(rom_family_ssid_82dc\)_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pcelitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareprodesk_400_g2_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareproone_600_g2_21.5-inch_touch_all-in-one_pcprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarez4_g4_workstation_\(xeon_w\)z440_workstationz1_entry_tower_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)prodesk_600_g2_desktop_mini_pc_firmwareelitebook_850_g5_firmwareprobook_440_g7_firmwaresprout_pro_by_g2_firmwareelitebook_1040_g4_firmware250_g7zbook_14u_g5_firmware258_g7_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_g5_tower_pc_firmware288_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwareelite_x2_1012_g1_tablet_firmwareelitebook_x360_830_g6probook_450_g3_firmwareprobook_440_g5_firmwarezbook_17_g3_firmwareelitebook_830_g6elitebook_820_g3zcentral_4r_firmware340s_g7probook_650_g5_firmwareprobook_450_g6z2_small_form_factor_g4zbook_power_g7prodesk_400_g6_desktop_mini_pcprobook_440_g6_firmwareelitebook_828_g3_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pcelitebook_850_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc_firmwarez2_mini_g5elitebook_x360_1030_g8_firmwareprobook_11_g2_education_editionzbook_x2_g4zbook_firefly_14_g7_firmwareprodesk_480_g7_pci_microtower_pc_firmwareprodesk_600_g6_desktop_mini_pc_firmware280_g4_microtower_\(rom_family_ssid_843c\)proone_400_g6_20_all-in-one_pc_firmwareprodesk_400_g7_small_form_factor_pcspectre_pro_13_g1elitebook_830_g7_firmwareprobook_470_g5_firmwareelitebook_840_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc200_g3_all-in-one_\(rom_family_ssid_84de\)256_g6260_g3_desktop_mini_pc_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware280_g4_small_form_factor_\(rom_family_ssid_8768\)_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelite_slice_g2_-_audio_ready_with_zoom_rooms_firmwarez440_workstation_firmware290_g2_microtower_\(rom_family_ssid_843c\)elitedesk_800_g5_small_form_factor_pcproone_440_g6_24_all-in-one_pcprodesk_600_g2_small_form_factor_pczhan_86_pro_g1_microtower_pc_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pcprobook_440_g8_firmwareelitebook_840_g6_healthcare_editioneliteone_800_g6_24_all-in-one_pc_firmwarezbook_17_g4_firmwareprodesk_400_g7_microtower_pct430_thin_clientdesktop_pro_g3_microtower_firmware246_g4_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwareprobook_11_g2_education_edition_firmwareelite_slice_g2_with_zoom_roomsproone_440_g3_\(rom_family_ssid_82dc\)elitebook_x360_1020_g2elitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwareprobook_430_g8_firmwareprodesk_680_g2_microtower_pcdesktop_pro_microtower_pc_firmwarezbook_15u_g4proone_400_g2_20-inch_non-touch_all-in-one_pc348_g4_firmwaredesktop_pro_g3_microtowerelite_x2_1012_g1_firmwareproone_490_g3_\(rom_family_ssid_82dc\)_firmwareprobook_x360_11_g4_education_editionprobook_430_g5HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-33505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 10:26
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.

Action-Not Available
Vendor-falcon/a
Product-falcon/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-34741
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.36% / 58.63%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:56
Updated-17 Dec, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2021-33526
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:24
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in mbDIALUP <= 3.9R0.0

In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.

Action-Not Available
Vendor-mbconnectlineMB connect line
Product-mbdialupmbDIALUP
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-34332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.65%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API.

Action-Not Available
Vendor-n/asisoftware
Product-n/asandra
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-1326
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.7||HIGH
EPSS-5.05% / 89.88%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 22:35
Updated-07 Feb, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
local privilege escalation in apport-cli

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

Action-Not Available
Vendor-Canonical Ltd.
Product-apportubuntu_linuxApport
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31833
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.84%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 09:45
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.

Action-Not Available
Vendor-McAfee, LLC
Product-application_and_change_controlMcAfee Application and Change Control (MACC)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33656
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.33%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 16:16
Updated-12 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Leak in SmmComuptrace Module

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms

Action-Not Available
Vendor-AMI
Product-aptio_vAptioVaptio_v
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31954
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.26% / 79.61%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32906
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.68%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-08 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-30989
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 7.17%
||
7 Day CHG~0.00%
Published-16 Jul, 2023 | 22:40
Updated-30 Oct, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i privilege escalation

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32849
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.36%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:17
Updated-30 Jul, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-maximum_security_2022windowsmaximum_security_2023Trend Micro Maximum Security (Consumer)maximum_security
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31168
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 56.01%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Container Manager Service Elevation of Privilege Vulnerability

Windows Container Manager Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows Server version 2004Windows 10 Version 2004Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-29449
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-10.94% / 93.50%
||
7 Day CHG-0.42%
Published-14 Apr, 2021 | 22:05
Updated-06 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Privilege Escalation Vulnerabilities Pihole

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

Action-Not Available
Vendor-pi-holepi-hole
Product-pi-holepi-hole
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-27454
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.04%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 19:33
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).

Action-Not Available
Vendor-gen/a
Product-reason_dr60reason_dr60_firmwareReason DR60
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-3990
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.68%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 18:52
Updated-28 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

Action-Not Available
Vendor-HP Inc.
Product-hpsfviewerHPSFViewer
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27767
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.64%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 18:10
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability

The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_platformBigFix Platform
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-28250
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.84%
||
7 Day CHG~0.00%
Published-26 Mar, 2021 | 07:18
Updated-03 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-n/a
Product-ehealth_performance_managern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31318
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 14.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-862
Missing Authorization
CVE-2021-27077
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.22% / 84.71%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:50
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31311
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-31757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.08%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 17:37
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.

Action-Not Available
Vendor-n/aterabyte_unlimited
Product-n/aimage
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27766
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.64%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 18:10
Updated-17 Sep, 2024 | 03:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability

The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_platformBigFix Platform
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25418
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-internetSamsung Internet
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-31313
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 14.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25657
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.65%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 01:05
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya IP Office Privilege Escalation Vulnerability

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

Action-Not Available
Vendor-Avaya LLC
Product-ip_officeIP Office
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25428
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.53%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26441
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.83%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:26
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25630
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 15:33
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

Action-Not Available
Vendor-collaboraofficeCollabora ProductivityThe Document Foundation
Product-onlineLibreOffice OnlineCollabora Online
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31320
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-0.68% / 71.85%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2022-20360
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 3.26%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:24
Updated-20 Oct, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-862
Missing Authorization
CVE-2022-48019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.

Action-Not Available
Vendor-wfsn/a
Product-another_edenn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31325
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 14.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31334
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.49%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidpowervr-gpu
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-23887
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.64%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 07:55
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in McAfee DLP Endpoint for Windows

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.

Action-Not Available
Vendor-McAfee, LLC
Product-data_loss_prevention_endpointMcAfee Data Loss Prevention (DLP) Endpoint for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31756
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.08%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 19:57
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.

Action-Not Available
Vendor-n/amarvintest_solutions
Product-n/ahardware_access_driver
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-24102
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.94%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-29784
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.7||HIGH
EPSS-0.03% / 8.49%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidpixel
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-24038
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.99%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 23:35
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

Action-Not Available
Vendor-OculusFacebook
Product-desktopOculus Desktop
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-24096
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.71% / 90.53%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-23874
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.73% / 72.91%
||
7 Day CHG-0.12%
Published-10 Feb, 2021 | 10:25
Updated-03 Nov, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
McAfee Total Protection (MTP) privilege escalation vulnerability

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection (MTP)McAfee Total Protection (MTP)
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-59514
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 17.07%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-22732
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.64%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server.

Action-Not Available
Vendor-n/a
Product-homelynkspacelynk_firmwarehomelynk_firmwarespacelynkhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-21911
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)Microsoft Corporation
Product-windowsr-seenetAdvantech
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 14
  • 15
  • Next
Details not found