Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-14252

Summary
Assigner-TXOne
Assigner Org ID-3ad20294-822c-4ebc-9301-f9a7cf62d46e
Published At-16 Dec, 2025 | 05:19
Updated At-07 Jan, 2026 | 15:06
Rejected At-
Credits

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TXOne
Assigner Org ID:3ad20294-822c-4ebc-9301-f9a7cf62d46e
Published At:16 Dec, 2025 | 05:19
Updated At:07 Jan, 2026 | 15:06
Rejected At:
â–¼CVE Numbering Authority (CNA)

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior.

Affected Products
Vendor
Advantech (Advantech Co., Ltd.)Advantech
Product
SUSI
Default Status
unaffected
Versions
Affected
  • From 0 through 5.0.24335 (custom)
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.txone.com/psirt/advisories/CVE-2025-14252
N/A
Hyperlink: https://www.txone.com/psirt/advisories/CVE-2025-14252
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:3ad20294-822c-4ebc-9301-f9a7cf62d46e
Published At:16 Dec, 2025 | 06:15
Updated At:07 Jan, 2026 | 15:15

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.txone.com/psirt/advisories/CVE-2025-142523ad20294-822c-4ebc-9301-f9a7cf62d46e
N/A
Hyperlink: https://www.txone.com/psirt/advisories/CVE-2025-14252
Source: 3ad20294-822c-4ebc-9301-f9a7cf62d46e
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

702Records found
CVE-2021-40478
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.46%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40477
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.02%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40470
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.63%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40447
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.25%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-0293
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.94%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 13:14
Updated-06 Aug, 2024 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation

Action-Not Available
Vendor-ovirtoVirt Node
Product-nodeoVirt Node
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 19:12
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

Action-Not Available
Vendor-safendn/a
Product-data_protector_agentn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-28008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.04%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 03:07
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.

Action-Not Available
Vendor-n/aExim
Product-eximn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4606
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.53%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 21:39
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenservern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-34045
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.6||MEDIUM
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 09:00
Updated-07 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VMware Fusion installer local privilege escalation

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Action-Not Available
Vendor-Apple Inc.VMware (Broadcom Inc.)
Product-fusionmac_os_xFusion
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-25150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.85%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 18:50
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.

Action-Not Available
Vendor-malwarebytesn/a
Product-binisoft_windows_firewall_controln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4761
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 19:22
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

Action-Not Available
Vendor-safendn/a
Product-data_protector_agentn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-27519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.64%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 13:16
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.

Action-Not Available
Vendor-pritunln/a
Product-pritunl-client-electronn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-34057
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.70%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 04:52
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Apple Inc.
Product-macostoolsVMware Tools
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26191
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-4480
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.94%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 17:44
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mom creates world-writable pid files in /var/run

Action-Not Available
Vendor-ovirtmomFedora Project
Product-momfedoramom
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26880
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.11%
||
7 Day CHG~0.00%
Published-07 Oct, 2020 | 17:33
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

Action-Not Available
Vendor-sympan/aDebian GNU/LinuxFedora Project
Product-debian_linuxsympafedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-34147
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:58
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex Onetrend_micro_apex_one
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38671
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.32%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-34146
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:58
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex Onetrend_micro_apex_one
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26181
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsemc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-2312
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.88%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:47
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

Action-Not Available
Vendor-JBoss AS 7Red Hat, Inc.
Product-jboss_enterprise_application_platformjboss_application_serverJBoss
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-10022
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-1.38% / 80.01%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 20:42
Updated-06 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kloxo <= 6.1.12 Local Privilege Escalation

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.

Action-Not Available
Vendor-LxCenter
Product-Kloxo
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39784
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39783
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39807
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.64%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-209446496

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39797
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.64%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2012-1615
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.60%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:46
Updated-06 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

Action-Not Available
Vendor-sectoolFedora Project
Product-fedorasectoolsectool
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-23296
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 67.24%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38667
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.32%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32487
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.97%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:28
Updated-08 Oct, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-0893
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.33%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 17:56
Updated-27 Feb, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability.

Action-Not Available
Vendor-Symantec Corporation
Product-Symantec Diagnostic Tool
CWE ID-CWE-269
Improper Privilege Management
CVE-2011-4954
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.94%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 15:41
Updated-07 Aug, 2024 | 00:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

Action-Not Available
Vendor-cobblerdcobbler
Product-cobblercobbler
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38633
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.59%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-18 Nov, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-0327
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.5||HIGH
EPSS-0.03% / 9.60%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 06:20
Updated-13 Feb, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.

Action-Not Available
Vendor-Schneider Electric SE
Product-EcoStruxure Process Expert for AVEVA System PlatformEcoStruxure Process Expert
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-23455
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:36
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32451
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.70%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 07:46
Updated-07 Nov, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 00:00
Updated-04 Aug, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.

Action-Not Available
Vendor-mremotengn/a
Product-mremotengn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38639
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.77% / 73.21%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2011-3349
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 21:42
Updated-06 Aug, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

Action-Not Available
Vendor-lightdm_projectlightdm
Product-lightdmlightdm
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37941
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.63%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:15
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option

Action-Not Available
Vendor-Elasticsearch BV
Product-apm_agentAPM Java Agent
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.84%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 16:19
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.

Action-Not Available
Vendor-trousers_projectn/aFedora Project
Product-trousersfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38628
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37852
Matching Score-4
Assigner-ESET, spol. s r.o.
ShareView Details
Matching Score-4
Assigner-ESET, spol. s r.o.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 05:14
Updated-16 Sep, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LPE in ESET products for Windows

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-ESET, spol. s r. o.
Product-securityserver_securityinternet_securitynod32_antivirusfile_securityendpoint_antivirusendpoint_securitysmart_securitymail_securityESET Server Security for Microsoft Windows ServerESET File Security for Microsoft Windows ServerESET Server Security for Microsoft AzureESET NOD32 AntivirusESET Internet SecurityESET Endpoint Security for WindowsESET Mail Security for IBM DominoESET Endpoint Antivirus for WindowsESET Security for Microsoft SharePoint ServerESET Smart SecurityESET Mail Security for Microsoft Exchange Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.84%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 16:19
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).

Action-Not Available
Vendor-trousers_projectn/aFedora Project
Product-trousersfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38625
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.87%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-21046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.08%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:11
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.

Action-Not Available
Vendor-softonicn/a
Product-eaglegetn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38630
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-9002
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 13:43
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries

Action-Not Available
Vendor-
Product-Easergy Studioeasergy_studio
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38626
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.87%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3808
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.35%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:52
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zbook_17_g4mp9_g4_retail_systemproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_840_g5_firmwarezbook_15_g4zbook_14u_g6prodesk_400_g4_small_form_factor_pchp_z1_entry_tower_g5zhan_66_pro_15_g2_firmwareprodesk_600_g5_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwareelitebook_1040_g4elitedesk_800_35w_g4_desktop_mini_pc_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pcprobook_x360_11_g2_ee_firmwareelitebook_735_g6_firmwareprodesk_400_g4_small_form_factor_pc_firmwareelitebook_x360_1030_g4_firmwareprobook_470_g4_firmwareprobook_x360_11_g3_ee_firmwarezhan_66_pro_13_g2hp_z2_mini_g5hp_mt21_mobile_thin_client_firmwareelitebook_755_g5_firmwarezbook_17_g6hp_z2_tower_g5engage_flex_pro_retail_systemelitedesk_705_g4_workstationhp_mt21_mobile_thin_clientelite_sliceelitebook_x360_1030_g3_firmwarehp_z2_mini_g4_firmwareprobook_640_g3probook_445r_g6_firmwareelitedesk_705_g4_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcelitebook_846_g5_firmwareprodesk_600_g5_desktop_mini_pcelitedesk_800_g4_tower_pcprodesk_600_g3_microtower_pcelitebook_735_g5proone_400_g5_23.8-inch_all-in-one_business_pcprobook_640_g4_firmwareprobook_655_g3_firmwareprobook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmwareelitedesk_880_g3_tower_pcprodesk_680_g3_microtower_pc_firmwareprodesk_600_g3_desktop_mini_pc_firmwareprobook_650_g3probook_640_g5_firmwareelite_slice_g2_firmwareprodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarehp_z240_small_form_factor_firmwareelitebook_828_g4proone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_735_g6probook_455_g4probook_650_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwarezbook_studio_x360_g5_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwarezbook_17_g6_firmwareprodesk_400_g3_desktop_mini_pc_firmwareprobook_445_g6_firmwareeliteone_800_g4_23.8-in_all-in-one_business_pchp_z1_all-in-one_g3_firmwareelitebook_x360_1030_g2_firmwarezhan_66_pro_14_g2elitedesk_705_g4_desktop_mini_pcpro_x2_612_g2engage_flex_pro_retail_system_firmwareprodesk_400_g5_microtower_pcprodesk_400_g3_desktop_mini_pcprodesk_400_g5_microtower_pc_firmwareprodesk_405_g4_desktop_mini_pc_firmwareengage_flex_pro-c_retail_system_firmwareelitedesk_880_g4_tower_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareelitedesk_800_g4_small_form_factor_pc_firmwareelitedesk_800_g4_small_form_factor_pcprobook_640_g3_firmwareprodesk_480_g4_microtower_pcelitebook_745_g6_firmwarezbook_14u_g5probook_430_g4probook_430_g4_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemzbook_14u_g4probook_650_g3_firmwareprobook_470_g5elitedesk_705_g3_microtower_pc_firmwareelitebook_745_g6probook_455_g6_firmwarehp_z2_mini_g4elitedesk_880_g5_tower_pc_firmwareprodesk_480_g6_microtower_pc_firmwareelitebook_x360_1030_g2hp_z2_tower_g4_firmwareelitedesk_705_g5_desktop_mini_pc_firmwareelitedesk_705_g5_small_form_factor_pcelitedesk_800_g5_tower_pcprobook_645_g4_firmwareprodesk_400_g4_desktop_mini_pc_firmwareprodesk_400_g4_microtower_pc_firmwareelitedesk_705_g5_small_form_factor_pc_firmwarezbook_x2_g4_firmwareelitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2prodesk_600_g4_desktop_mini_pchp_z1_entry_tower_g5_firmwareeliteone_800_g5_23.8-in_all-in-oneprodesk_600_g5_desktop_mini_pc_firmwareprobook_655_g3probook_650_g5prodesk_600_g5_microtower_pczbook_15u_g6elitebook_x360_1020_g2_firmwarehp_z240_tower_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pchp_z240_towerprobook_450_g4probook_x360_11_g3_eeprobook_445_g6probook_455r_g6_firmwareelitebook_830_g5_firmwareprodesk_680_g4_microtower_pcmp9_g4_retail_system_firmwareprodesk_600_g4_small_form_factor_pcelitebook_836_g6_firmwareelitedesk_800_g4_workstationelitedesk_800_g5_small_form_factor_pc_firmwareengage_go_mobile_systemproone_400_g5_23.8-inch_all-in-one_business_pc_firmwarehp_z2_mini_g3prodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pchp_z1_all-in-one_g3elitebook_850_g6_firmwareprobook_455_g5elitedesk_705_g3_desktop_mini_pcprobook_645_g3probook_430_g5_firmwarehp_z2_mini_g3_firmwareelitebook_846_g5elite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwareprobook_440_g6elite_slice_firmwareelitebook_745_g4zbook_studio_x360_g5elitedesk_705_g4_small_form_factor_pc_firmwareelitedesk_800_g3_tower_pceliteone_800_g3_23.8_non-touch_all-in-one_business_pcelitebook_745_g5elitedesk_705_g3_microtower_pchp_z2_small_form_factor_g4_firmwarehp_z238_microtower_firmwarezbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcelitebook_840_g4_firmwareprodesk_600_g4_small_form_factor_pc_firmwarezbook_17_g5probook_640_g5zbook_17_g5_firmwareelitebook_850_g5probook_455_g4_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwareelitebook_840_g5prodesk_405_g4_small_form_factor_pc_firmwarezbook_15u_g5_firmwareelitebook_x360_1040_g5_firmwareelitebook_725_g4_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g5_desktop_mini_pczhan_66_pro_g1zbook_15_g6_firmwareprobook_11_ee_g2zbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmwareprobook_440_g4probook_x360_11_g4_ee_firmwareelitebook_x360_830_g5_firmwareelitedesk_705_g3_small_form_factor_pchp_z2_small_form_factor_g4prodesk_600_g3_small_form_factor_pc_firmwareelitebook_x360_1040_g5elitebook_840_g6zbook_15_g5elitedesk_705_g4_microtower_pczbook_studio_g4prodesk_680_g3_microtower_pcprodesk_680_g4_microtower_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pcelitedesk_800_35w_g4_desktop_mini_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelitedesk_800_g5_desktop_mini_pcelite_dragonfly_firmwareelitebook_840_g4zhan_66_pro_14_g2_firmwarezbook_15_g5_firmwareprobook_645_g3_firmwareprodesk_400_g4_desktop_mini_pcprobook_450_g5proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_840r_g4_firmwareprobook_470_g4prodesk_600_g3_small_form_factor_pcelitedesk_880_g4_tower_pc_firmwareelitebook_725_g4elitedesk_800_g5_desktop_mini_pc_firmwareelitebook_735_g5_firmwareelite_x2_1012_g2elitebook_840_g6_firmwareelitedesk_705_g3_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareengage_one_aio_systemprobook_440_g4_firmwareprobook_x360_11_g4_eezhan_x_13_g2_firmwareprobook_455_g5_firmwareelite_x2_1013_g3prodesk_400_g5_desktop_mini_pcprodesk_600_g4_microtower_pc_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g3_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pcelitebook_x360_830_g6_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitebook_850_g4_firmwareprobook_430_g6prodesk_400_g6_microtower_pc_firmwarehp_mt45_mobile_thin_client_firmwareprodesk_405_g4_small_form_factor_pchp_z2_small_form_factor_g5_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcprobook_450_g4_firmwareelitebook_850_g6elitedesk_800_35w_g3_desktop_mini_pceliteone_800_g4_23.8-in_all-in-one_business_pc_firmwareprodesk_480_g6_microtower_pcprobook_11_ee_g2_firmwareelitebook_820_g4_firmwareelitedesk_800_g3_tower_pc_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5zbook_14u_g6_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3hp_z2_tower_g4elitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareprodesk_400_g5_small_form_factor_pchp_z240_small_form_factorprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarehp_z2_mini_g5_firmwarehp_z2_tower_g5_firmwareelitebook_850_g5_firmwareelitebook_1040_g4_firmwarehp_mt44_mobile_thin_clientelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pczbook_14u_g5_firmwareelitebook_755_g5probook_445r_g6elitedesk_800_g5_tower_pc_firmwareelitebook_x360_830_g6probook_440_g5_firmwarehp_z238_microtowerelitebook_830_g6zbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareprobook_x360_11_g2_eezhan_66_pro_15_g2probook_650_g5_firmwareelitebook_745_g5_firmwareprobook_450_g6elitedesk_705_g4_small_form_factor_pcengage_go_mobile_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_440_g6_firmwareelitebook_850_g4hp_mt31_mobile_thin_client_firmwareelitebook_745_g4_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g4_workstation_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwarezbook_x2_g4elitebook_755_g4_firmwarezbook_15_g6elitedesk_705_g3_small_form_factor_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elite_x2_1012_g2_firmwareprobook_470_g5_firmwareprobook_650_g4elitebook_848_g4engage_one_aio_system_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_705_g4_microtower_pc_firmwareprodesk_600_g5_small_form_factor_pc_firmwareprobook_430_g5engage_go_10_mobile_systemelitedesk_800_g5_small_form_factor_pcprobook_455_g6engage_go_10_mobile_system_firmwarehp_z2_small_form_factor_g5zbook_15u_g4_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pchp_mt45_mobile_thin_clientzbook_17_g4_firmwareprodesk_405_g4_desktop_mini_pchp_mt44_mobile_thin_client_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmwareelitedesk_800_g4_workstation_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwarehp_mt31_mobile_thin_clientelitebook_x360_1020_g2probook_450_g5_firmwareelitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_15u_g5elitedesk_800_65w_g3_desktop_mini_pceliteone_800_g5_23.8-in_all-in-one_firmwarezbook_15u_g4elite_x2_g4_firmwareelitebook_830_g5prodesk_480_g5_microtower_pc_firmwareelite_slice_g2elitebook_755_g4HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found