Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-53706

Summary
Assigner-sonicwall
Assigner Org ID-44b2ff79-1416-4492-88bb-ed0da00c7315
Published At-09 Jan, 2025 | 07:05
Updated At-09 Jan, 2025 | 15:31
Rejected At-
Credits

A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sonicwall
Assigner Org ID:44b2ff79-1416-4492-88bb-ed0da00c7315
Published At:09 Jan, 2025 | 07:05
Updated At:09 Jan, 2025 | 15:31
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

Affected Products
Vendor
SonicWall Inc.SonicWall
Product
SonicOS
Platforms
  • Gen7 NSv Cloud platform
Default Status
unknown
Versions
Affected
  • 7.1.1-7058 and older versions
  • 7.1.2-7019
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
vendor-advisory
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT@sonicwall.com
Published At:09 Jan, 2025 | 07:15
Updated At:09 Jan, 2025 | 16:16

A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269SecondaryPSIRT@sonicwall.com
CWE ID: CWE-269
Type: Secondary
Source: PSIRT@sonicwall.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003PSIRT@sonicwall.com
N/A
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
Source: PSIRT@sonicwall.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

703Records found
CVE-2022-20360
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 2.80%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:24
Updated-20 Oct, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-862
Missing Authorization
CVE-2021-44021
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-03 Dec, 2021 | 10:50
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-worry-free_business_securityTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20356
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4||MEDIUM
EPSS-0.02% / 5.03%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:23
Updated-08 Sep, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1823
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.9||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:15
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee MCPR privilege escalation

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file.

Action-Not Available
Vendor-McAfee, LLC
Product-consumer_product_removal_toolMcAfee Consumer Product Removal Tool
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1256
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 13:45
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Privilege Management in McAfee Agent for Windows

A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent for Windows
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-43019
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.01% / 1.58%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 15:25
Updated-20 Jan, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP Support Assistant – Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-0556
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 11:50
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zyxel_ap_configuratorZyxel AP Configurator (ZAC)
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-13405
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.11%
||
7 Day CHG-0.00%
Published-06 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/LinuxF5, Inc.
Product-enterprise_linux_serverubuntu_linuxbig-ip_webacceleratorvirtualizationbig-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausenterprise_linux_ausbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllermrg_realtimeenterprise_linux_workstationfedoraenterprise_linux_eusbig-ip_access_policy_managerenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-45440
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-08 Jan, 2022 | 15:51
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-36631
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.92%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 14:34
Updated-23 Oct, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

Action-Not Available
Vendor-Tenable, Inc.Microsoft Corporation
Product-nessus_agentwindowsAgent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-44020
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-03 Dec, 2021 | 10:50
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-worry-free_business_securityTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-44019
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-03 Dec, 2021 | 10:50
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-worry-free_business_securityTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-36633
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 14:21
Updated-23 Oct, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.

Action-Not Available
Vendor-Tenable, Inc.Microsoft Corporation
Product-nessus_agentwindowsAgent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41366
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.35%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42105
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42104
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33187
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 2.73%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:57
Updated-02 Dec, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42322
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.30%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41345
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.52%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:28
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41367
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.43%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42277
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.44%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_11windows_10windows_server_2022visual_studio_2017windows_server_2019Windows Server 2022Windows 10 Version 1607Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Windows 10 Version 1507Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Windows Server 2019
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42082
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.89%
||
7 Day CHG-0.01%
Published-10 Jul, 2023 | 06:29
Updated-22 Sep, 2025 | 06:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355

Local users are able to execute scripts under root privileges. POC On the local host run the following command: curl 'localhost:8154/qstor/qs_upgrade.py?taskId=1&a=;`whoami`'

Action-Not Available
Vendor-osnexusOSNEXUS
Product-quantastorQuantaStor
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41339
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.36%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41370
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.93%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42280
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.51%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Feedback Hub Elevation of Privilege Vulnerability

Windows Feedback Hub Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40489
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.65%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39797
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.64%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40466
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.98%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40477
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39782
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40470
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.62%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40124
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.77%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:36
Updated-07 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39784
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40478
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.44%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39807
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.64%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-209446496

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40443
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.98%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:26
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41022
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 18:23
Updated-25 Oct, 2024 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts

Action-Not Available
Vendor-Fortinet, Inc.Microsoft Corporation
Product-fortisiemwindowsFortinet FortiSIEMWindowsAgent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38633
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.57%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-18 Nov, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38634
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.24% / 47.13%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Update Client Elevation of Privilege Vulnerability

Microsoft Windows Update Client Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38626
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.85%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38630
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.93%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33188
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-0.02% / 3.28%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:57
Updated-02 Dec, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38625
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.85%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38639
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.77% / 73.20%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37942
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7||HIGH
EPSS-0.09% / 26.22%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 01:33
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
APM Java Agent Local Privilege Escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

Action-Not Available
Vendor-Elasticsearch BV
Product-apm_java_agentElastic APM Java Agent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3808
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.34%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:52
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zbook_17_g4mp9_g4_retail_systemproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_840_g5_firmwarezbook_15_g4zbook_14u_g6prodesk_400_g4_small_form_factor_pchp_z1_entry_tower_g5zhan_66_pro_15_g2_firmwareprodesk_600_g5_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwareelitebook_1040_g4elitedesk_800_35w_g4_desktop_mini_pc_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pcprobook_x360_11_g2_ee_firmwareelitebook_735_g6_firmwareprodesk_400_g4_small_form_factor_pc_firmwareelitebook_x360_1030_g4_firmwareprobook_470_g4_firmwareprobook_x360_11_g3_ee_firmwarezhan_66_pro_13_g2hp_z2_mini_g5hp_mt21_mobile_thin_client_firmwareelitebook_755_g5_firmwarezbook_17_g6hp_z2_tower_g5engage_flex_pro_retail_systemelitedesk_705_g4_workstationhp_mt21_mobile_thin_clientelite_sliceelitebook_x360_1030_g3_firmwarehp_z2_mini_g4_firmwareprobook_640_g3probook_445r_g6_firmwareelitedesk_705_g4_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcelitebook_846_g5_firmwareprodesk_600_g5_desktop_mini_pcelitedesk_800_g4_tower_pcprodesk_600_g3_microtower_pcelitebook_735_g5proone_400_g5_23.8-inch_all-in-one_business_pcprobook_640_g4_firmwareprobook_655_g3_firmwareprobook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmwareelitedesk_880_g3_tower_pcprodesk_680_g3_microtower_pc_firmwareprodesk_600_g3_desktop_mini_pc_firmwareprobook_650_g3probook_640_g5_firmwareelite_slice_g2_firmwareprodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarehp_z240_small_form_factor_firmwareelitebook_828_g4proone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_735_g6probook_455_g4probook_650_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwarezbook_studio_x360_g5_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwarezbook_17_g6_firmwareprodesk_400_g3_desktop_mini_pc_firmwareprobook_445_g6_firmwareeliteone_800_g4_23.8-in_all-in-one_business_pchp_z1_all-in-one_g3_firmwareelitebook_x360_1030_g2_firmwarezhan_66_pro_14_g2elitedesk_705_g4_desktop_mini_pcpro_x2_612_g2engage_flex_pro_retail_system_firmwareprodesk_400_g5_microtower_pcprodesk_400_g3_desktop_mini_pcprodesk_400_g5_microtower_pc_firmwareprodesk_405_g4_desktop_mini_pc_firmwareengage_flex_pro-c_retail_system_firmwareelitedesk_880_g4_tower_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareelitedesk_800_g4_small_form_factor_pc_firmwareelitedesk_800_g4_small_form_factor_pcprobook_640_g3_firmwareprodesk_480_g4_microtower_pcelitebook_745_g6_firmwarezbook_14u_g5probook_430_g4probook_430_g4_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemzbook_14u_g4probook_650_g3_firmwareprobook_470_g5elitedesk_705_g3_microtower_pc_firmwareelitebook_745_g6probook_455_g6_firmwarehp_z2_mini_g4elitedesk_880_g5_tower_pc_firmwareprodesk_480_g6_microtower_pc_firmwareelitebook_x360_1030_g2hp_z2_tower_g4_firmwareelitedesk_705_g5_desktop_mini_pc_firmwareelitedesk_705_g5_small_form_factor_pcelitedesk_800_g5_tower_pcprobook_645_g4_firmwareprodesk_400_g4_desktop_mini_pc_firmwareprodesk_400_g4_microtower_pc_firmwareelitedesk_705_g5_small_form_factor_pc_firmwarezbook_x2_g4_firmwareelitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2prodesk_600_g4_desktop_mini_pchp_z1_entry_tower_g5_firmwareeliteone_800_g5_23.8-in_all-in-oneprodesk_600_g5_desktop_mini_pc_firmwareprobook_655_g3probook_650_g5prodesk_600_g5_microtower_pczbook_15u_g6elitebook_x360_1020_g2_firmwarehp_z240_tower_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pchp_z240_towerprobook_450_g4probook_x360_11_g3_eeprobook_445_g6probook_455r_g6_firmwareelitebook_830_g5_firmwareprodesk_680_g4_microtower_pcmp9_g4_retail_system_firmwareprodesk_600_g4_small_form_factor_pcelitebook_836_g6_firmwareelitedesk_800_g4_workstationelitedesk_800_g5_small_form_factor_pc_firmwareengage_go_mobile_systemproone_400_g5_23.8-inch_all-in-one_business_pc_firmwarehp_z2_mini_g3prodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pchp_z1_all-in-one_g3elitebook_850_g6_firmwareprobook_455_g5elitedesk_705_g3_desktop_mini_pcprobook_645_g3probook_430_g5_firmwarehp_z2_mini_g3_firmwareelitebook_846_g5elite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwareprobook_440_g6elite_slice_firmwareelitebook_745_g4zbook_studio_x360_g5elitedesk_705_g4_small_form_factor_pc_firmwareelitedesk_800_g3_tower_pceliteone_800_g3_23.8_non-touch_all-in-one_business_pcelitebook_745_g5elitedesk_705_g3_microtower_pchp_z2_small_form_factor_g4_firmwarehp_z238_microtower_firmwarezbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcelitebook_840_g4_firmwareprodesk_600_g4_small_form_factor_pc_firmwarezbook_17_g5probook_640_g5zbook_17_g5_firmwareelitebook_850_g5probook_455_g4_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwareelitebook_840_g5prodesk_405_g4_small_form_factor_pc_firmwarezbook_15u_g5_firmwareelitebook_x360_1040_g5_firmwareelitebook_725_g4_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g5_desktop_mini_pczhan_66_pro_g1zbook_15_g6_firmwareprobook_11_ee_g2zbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmwareprobook_440_g4probook_x360_11_g4_ee_firmwareelitebook_x360_830_g5_firmwareelitedesk_705_g3_small_form_factor_pchp_z2_small_form_factor_g4prodesk_600_g3_small_form_factor_pc_firmwareelitebook_x360_1040_g5elitebook_840_g6zbook_15_g5elitedesk_705_g4_microtower_pczbook_studio_g4prodesk_680_g3_microtower_pcprodesk_680_g4_microtower_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pcelitedesk_800_35w_g4_desktop_mini_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelitedesk_800_g5_desktop_mini_pcelite_dragonfly_firmwareelitebook_840_g4zhan_66_pro_14_g2_firmwarezbook_15_g5_firmwareprobook_645_g3_firmwareprodesk_400_g4_desktop_mini_pcprobook_450_g5proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_840r_g4_firmwareprobook_470_g4prodesk_600_g3_small_form_factor_pcelitedesk_880_g4_tower_pc_firmwareelitebook_725_g4elitedesk_800_g5_desktop_mini_pc_firmwareelitebook_735_g5_firmwareelite_x2_1012_g2elitebook_840_g6_firmwareelitedesk_705_g3_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareengage_one_aio_systemprobook_440_g4_firmwareprobook_x360_11_g4_eezhan_x_13_g2_firmwareprobook_455_g5_firmwareelite_x2_1013_g3prodesk_400_g5_desktop_mini_pcprodesk_600_g4_microtower_pc_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g3_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pcelitebook_x360_830_g6_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitebook_850_g4_firmwareprobook_430_g6prodesk_400_g6_microtower_pc_firmwarehp_mt45_mobile_thin_client_firmwareprodesk_405_g4_small_form_factor_pchp_z2_small_form_factor_g5_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcprobook_450_g4_firmwareelitebook_850_g6elitedesk_800_35w_g3_desktop_mini_pceliteone_800_g4_23.8-in_all-in-one_business_pc_firmwareprodesk_480_g6_microtower_pcprobook_11_ee_g2_firmwareelitebook_820_g4_firmwareelitedesk_800_g3_tower_pc_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5zbook_14u_g6_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3hp_z2_tower_g4elitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareprodesk_400_g5_small_form_factor_pchp_z240_small_form_factorprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarehp_z2_mini_g5_firmwarehp_z2_tower_g5_firmwareelitebook_850_g5_firmwareelitebook_1040_g4_firmwarehp_mt44_mobile_thin_clientelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pczbook_14u_g5_firmwareelitebook_755_g5probook_445r_g6elitedesk_800_g5_tower_pc_firmwareelitebook_x360_830_g6probook_440_g5_firmwarehp_z238_microtowerelitebook_830_g6zbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareprobook_x360_11_g2_eezhan_66_pro_15_g2probook_650_g5_firmwareelitebook_745_g5_firmwareprobook_450_g6elitedesk_705_g4_small_form_factor_pcengage_go_mobile_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_440_g6_firmwareelitebook_850_g4hp_mt31_mobile_thin_client_firmwareelitebook_745_g4_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g4_workstation_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwarezbook_x2_g4elitebook_755_g4_firmwarezbook_15_g6elitedesk_705_g3_small_form_factor_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elite_x2_1012_g2_firmwareprobook_470_g5_firmwareprobook_650_g4elitebook_848_g4engage_one_aio_system_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_705_g4_microtower_pc_firmwareprodesk_600_g5_small_form_factor_pc_firmwareprobook_430_g5engage_go_10_mobile_systemelitedesk_800_g5_small_form_factor_pcprobook_455_g6engage_go_10_mobile_system_firmwarehp_z2_small_form_factor_g5zbook_15u_g4_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pchp_mt45_mobile_thin_clientzbook_17_g4_firmwareprodesk_405_g4_desktop_mini_pchp_mt44_mobile_thin_client_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmwareelitedesk_800_g4_workstation_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwarehp_mt31_mobile_thin_clientelitebook_x360_1020_g2probook_450_g5_firmwareelitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_15u_g5elitedesk_800_65w_g3_desktop_mini_pceliteone_800_g5_23.8-in_all-in-one_firmwarezbook_15u_g4elite_x2_g4_firmwareelitebook_830_g5prodesk_480_g5_microtower_pc_firmwareelite_slice_g2elitebook_755_g4HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3809
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.34%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:53
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zbook_17_g4mp9_g4_retail_systemproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_840_g5_firmwarezbook_15_g4zbook_14u_g6prodesk_400_g4_small_form_factor_pchp_z1_entry_tower_g5zhan_66_pro_15_g2_firmwareprodesk_600_g5_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwareelitebook_1040_g4elitedesk_800_35w_g4_desktop_mini_pc_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pcprobook_x360_11_g2_ee_firmwareelitebook_735_g6_firmwareprodesk_400_g4_small_form_factor_pc_firmwareelitebook_x360_1030_g4_firmwareprobook_470_g4_firmwareprobook_x360_11_g3_ee_firmwarezhan_66_pro_13_g2hp_z2_mini_g5hp_mt21_mobile_thin_client_firmwareelitebook_755_g5_firmwarezbook_17_g6hp_z2_tower_g5engage_flex_pro_retail_systemelitedesk_705_g4_workstationhp_mt21_mobile_thin_clientelite_sliceelitebook_x360_1030_g3_firmwarehp_z2_mini_g4_firmwareprobook_640_g3probook_445r_g6_firmwareelitedesk_705_g4_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcelitebook_846_g5_firmwareprodesk_600_g5_desktop_mini_pcelitedesk_800_g4_tower_pcprodesk_600_g3_microtower_pcelitebook_735_g5proone_400_g5_23.8-inch_all-in-one_business_pcprobook_640_g4_firmwareprobook_655_g3_firmwareprobook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmwareelitedesk_880_g3_tower_pcprodesk_680_g3_microtower_pc_firmwareprodesk_600_g3_desktop_mini_pc_firmwareprobook_650_g3probook_640_g5_firmwareelite_slice_g2_firmwareprodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarehp_z240_small_form_factor_firmwareelitebook_828_g4proone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_735_g6probook_455_g4probook_650_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwarezbook_studio_x360_g5_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwarezbook_17_g6_firmwareprodesk_400_g3_desktop_mini_pc_firmwareprobook_445_g6_firmwareeliteone_800_g4_23.8-in_all-in-one_business_pchp_z1_all-in-one_g3_firmwareelitebook_x360_1030_g2_firmwarezhan_66_pro_14_g2elitedesk_705_g4_desktop_mini_pcpro_x2_612_g2engage_flex_pro_retail_system_firmwareprodesk_400_g5_microtower_pcprodesk_400_g3_desktop_mini_pcprodesk_400_g5_microtower_pc_firmwareprodesk_405_g4_desktop_mini_pc_firmwareengage_flex_pro-c_retail_system_firmwareelitedesk_880_g4_tower_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareelitedesk_800_g4_small_form_factor_pc_firmwareelitedesk_800_g4_small_form_factor_pcprobook_640_g3_firmwareprodesk_480_g4_microtower_pcelitebook_745_g6_firmwarezbook_14u_g5probook_430_g4probook_430_g4_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemzbook_14u_g4probook_650_g3_firmwareprobook_470_g5elitedesk_705_g3_microtower_pc_firmwareelitebook_745_g6probook_455_g6_firmwarehp_z2_mini_g4elitedesk_880_g5_tower_pc_firmwareprodesk_480_g6_microtower_pc_firmwareelitebook_x360_1030_g2hp_z2_tower_g4_firmwareelitedesk_705_g5_desktop_mini_pc_firmwareelitedesk_705_g5_small_form_factor_pcelitedesk_800_g5_tower_pcprobook_645_g4_firmwareprodesk_400_g4_desktop_mini_pc_firmwareprodesk_400_g4_microtower_pc_firmwareelitedesk_705_g5_small_form_factor_pc_firmwarezbook_x2_g4_firmwareelitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2prodesk_600_g4_desktop_mini_pchp_z1_entry_tower_g5_firmwareeliteone_800_g5_23.8-in_all-in-oneprodesk_600_g5_desktop_mini_pc_firmwareprobook_655_g3probook_650_g5prodesk_600_g5_microtower_pczbook_15u_g6elitebook_x360_1020_g2_firmwarehp_z240_tower_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pchp_z240_towerprobook_450_g4probook_x360_11_g3_eeprobook_445_g6probook_455r_g6_firmwareelitebook_830_g5_firmwareprodesk_680_g4_microtower_pcmp9_g4_retail_system_firmwareprodesk_600_g4_small_form_factor_pcelitebook_836_g6_firmwareelitedesk_800_g4_workstationelitedesk_800_g5_small_form_factor_pc_firmwareengage_go_mobile_systemproone_400_g5_23.8-inch_all-in-one_business_pc_firmwarehp_z2_mini_g3prodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pchp_z1_all-in-one_g3elitebook_850_g6_firmwareprobook_455_g5elitedesk_705_g3_desktop_mini_pcprobook_645_g3probook_430_g5_firmwarehp_z2_mini_g3_firmwareelitebook_846_g5elite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwareprobook_440_g6elite_slice_firmwareelitebook_745_g4zbook_studio_x360_g5elitedesk_705_g4_small_form_factor_pc_firmwareelitedesk_800_g3_tower_pceliteone_800_g3_23.8_non-touch_all-in-one_business_pcelitebook_745_g5elitedesk_705_g3_microtower_pchp_z2_small_form_factor_g4_firmwarehp_z238_microtower_firmwarezbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcelitebook_840_g4_firmwareprodesk_600_g4_small_form_factor_pc_firmwarezbook_17_g5probook_640_g5zbook_17_g5_firmwareelitebook_850_g5probook_455_g4_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwareelitebook_840_g5prodesk_405_g4_small_form_factor_pc_firmwarezbook_15u_g5_firmwareelitebook_x360_1040_g5_firmwareelitebook_725_g4_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g5_desktop_mini_pczhan_66_pro_g1zbook_15_g6_firmwareprobook_11_ee_g2zbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmwareprobook_440_g4probook_x360_11_g4_ee_firmwareelitebook_x360_830_g5_firmwareelitedesk_705_g3_small_form_factor_pchp_z2_small_form_factor_g4prodesk_600_g3_small_form_factor_pc_firmwareelitebook_x360_1040_g5elitebook_840_g6zbook_15_g5elitedesk_705_g4_microtower_pczbook_studio_g4prodesk_680_g3_microtower_pcprodesk_680_g4_microtower_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pcelitedesk_800_35w_g4_desktop_mini_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelitedesk_800_g5_desktop_mini_pcelite_dragonfly_firmwareelitebook_840_g4zhan_66_pro_14_g2_firmwarezbook_15_g5_firmwareprobook_645_g3_firmwareprodesk_400_g4_desktop_mini_pcprobook_450_g5proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_840r_g4_firmwareprobook_470_g4prodesk_600_g3_small_form_factor_pcelitedesk_880_g4_tower_pc_firmwareelitebook_725_g4elitedesk_800_g5_desktop_mini_pc_firmwareelitebook_735_g5_firmwareelite_x2_1012_g2elitebook_840_g6_firmwareelitedesk_705_g3_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareengage_one_aio_systemprobook_440_g4_firmwareprobook_x360_11_g4_eezhan_x_13_g2_firmwareprobook_455_g5_firmwareelite_x2_1013_g3prodesk_400_g5_desktop_mini_pcprodesk_600_g4_microtower_pc_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g3_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pcelitebook_x360_830_g6_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitebook_850_g4_firmwareprobook_430_g6prodesk_400_g6_microtower_pc_firmwarehp_mt45_mobile_thin_client_firmwareprodesk_405_g4_small_form_factor_pchp_z2_small_form_factor_g5_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcprobook_450_g4_firmwareelitebook_850_g6elitedesk_800_35w_g3_desktop_mini_pceliteone_800_g4_23.8-in_all-in-one_business_pc_firmwareprodesk_480_g6_microtower_pcprobook_11_ee_g2_firmwareelitebook_820_g4_firmwareelitedesk_800_g3_tower_pc_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5zbook_14u_g6_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3hp_z2_tower_g4elitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareprodesk_400_g5_small_form_factor_pchp_z240_small_form_factorprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarehp_z2_mini_g5_firmwarehp_z2_tower_g5_firmwareelitebook_850_g5_firmwareelitebook_1040_g4_firmwarehp_mt44_mobile_thin_clientelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pczbook_14u_g5_firmwareelitebook_755_g5probook_445r_g6elitedesk_800_g5_tower_pc_firmwareelitebook_x360_830_g6probook_440_g5_firmwarehp_z238_microtowerelitebook_830_g6zbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareprobook_x360_11_g2_eezhan_66_pro_15_g2probook_650_g5_firmwareelitebook_745_g5_firmwareprobook_450_g6elitedesk_705_g4_small_form_factor_pcengage_go_mobile_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_440_g6_firmwareelitebook_850_g4hp_mt31_mobile_thin_client_firmwareelitebook_745_g4_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g4_workstation_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwarezbook_x2_g4elitebook_755_g4_firmwarezbook_15_g6elitedesk_705_g3_small_form_factor_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elite_x2_1012_g2_firmwareprobook_470_g5_firmwareprobook_650_g4elitebook_848_g4engage_one_aio_system_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_705_g4_microtower_pc_firmwareprodesk_600_g5_small_form_factor_pc_firmwareprobook_430_g5engage_go_10_mobile_systemelitedesk_800_g5_small_form_factor_pcprobook_455_g6engage_go_10_mobile_system_firmwarehp_z2_small_form_factor_g5zbook_15u_g4_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pchp_mt45_mobile_thin_clientzbook_17_g4_firmwareprodesk_405_g4_desktop_mini_pchp_mt44_mobile_thin_client_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmwareelitedesk_800_g4_workstation_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwarehp_mt31_mobile_thin_clientelitebook_x360_1020_g2probook_450_g5_firmwareelitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_15u_g5elitedesk_800_65w_g3_desktop_mini_pceliteone_800_g5_23.8-in_all-in-one_firmwarezbook_15u_g4elite_x2_g4_firmwareelitebook_830_g5prodesk_480_g5_microtower_pc_firmwareelite_slice_g2elitebook_755_g4HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36966
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.95%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Subsystem for Linux Elevation of Privilege Vulnerability

Windows Subsystem for Linux Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36943
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4||MEDIUM
EPSS-0.29% / 51.91%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure CycleCloud Elevation of Privilege Vulnerability

Azure CycleCloud Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cyclecloudAzure CycleCloud 8.2.0
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-3224
Matching Score-4
Assigner-Docker Inc.
ShareView Details
Matching Score-4
Assigner-Docker Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 2.18%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 19:21
Updated-10 May, 2025 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.

Action-Not Available
Vendor-Docker, Inc.
Product-desktopDocker Desktop
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 14
  • 15
  • Next
Details not found