Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-50674

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Aug, 2025 | 00:00
Updated At-26 Aug, 2025 | 14:19
Rejected At-
Credits

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Aug, 2025 | 00:00
Updated At:26 Aug, 2025 | 14:19
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://openmediavault.com
N/A
https://gist.github.com/xbz0n/4b98e9291ddd5bb5e6232609e36b2082
N/A
https://xbz0n.sh/blog/CVE-2025-50674
N/A
Hyperlink: http://openmediavault.com
Resource: N/A
Hyperlink: https://gist.github.com/xbz0n/4b98e9291ddd5bb5e6232609e36b2082
Resource: N/A
Hyperlink: https://xbz0n.sh/blog/CVE-2025-50674
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Aug, 2025 | 16:15
Updated At:26 Aug, 2025 | 15:15

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-20Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-20
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://openmediavault.comcve@mitre.org
N/A
https://gist.github.com/xbz0n/4b98e9291ddd5bb5e6232609e36b2082cve@mitre.org
N/A
https://xbz0n.sh/blog/CVE-2025-50674cve@mitre.org
N/A
Hyperlink: http://openmediavault.com
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://gist.github.com/xbz0n/4b98e9291ddd5bb5e6232609e36b2082
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://xbz0n.sh/blog/CVE-2025-50674
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1030Records found
CVE-2021-1653
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.86%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1263
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.28% / 78.79%
||
7 Day CHG+0.27%
Published-20 Jan, 2021 | 19:57
Updated-12 Nov, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_100b_routervedge_cloud_routersd-wan_vbond_orchestratorvedge_5000_routervedge_100_routersd-wan_firmwarevedge_2000_routersd-wan_vsmart_controller_firmwarevedge_100wm_routercatalyst_sd-wan_managervedge_1000_routervedge_100m_routerCisco SD-WAN Solution
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-1084
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.64%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Microsoft CorporationNVIDIA CorporationLinux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinehypervisorwindowsvirtual_gpu_managervsphereNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32766
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.27%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_stick_stk2mv64cccompute_stick_stk2mv64cc_firmwareIntel(R) BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30754
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:32
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1681
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.76%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-19 Nov, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WalletService Elevation of Privilege Vulnerability

Windows WalletService Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 1803Windows 10 Version 1809Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1642
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.03%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:41
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1137
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.64% / 69.60%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:05
Updated-08 Nov, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1640
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.34% / 79.19%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:27
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1657
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.56% / 67.20%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-19 Nov, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fax Compose Form Remote Code Execution Vulnerability

Windows Fax Compose Form Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1729
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.31%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 14:58
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Setup Elevation of Privilege Vulnerability

Windows Update Stack Setup Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1659
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.81%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1704
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.65% / 69.78%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1654
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.86%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1682
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.15% / 36.80%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-0511
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 16:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0156
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.87%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel Corporation
Product-xeon_e-2286gcore_i7-7700t_firmwarecore_i3-10100core_i7-8850h_firmwarecore_i5-1038ng7core_i9-7900xcore_i5-11400core_i7-10710u_firmwarexeon_e-2174g_firmwarexeon_d-1633ncore_i9-11900_firmwarexeon_w-1270p_firmwarexeon_d-2173it_firmwarexeon_d-2145nt_firmwarexeon_platinum_8153xeon_e-2246gcore_i9-9960xcore_i5-6350hqcore_i3-6300txeon_w-2123core_i7-9700k_firmwarecore_i5-8500t_firmwarecore_i3-9300t_firmwarecore_i5-11260hxeon_e-2236xeon_platinum_8280_firmwarexeon_e-2374g_firmwarexeon_w-1270exeon_silver_4209t_firmwarecore_i5-6500tcore_i5-7500core_i5-6260uxeon_bronze_3104_firmwarecore_i9-9900kf_firmwarecore_i5-7440hqxeon_gold_6142fatom_c3758core_i7-8709gcore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270xeon_e-2254me_firmwarecore_i5-8200ycore_i5-10500t_firmwarecore_i5-9400t_firmwarecore_i7-8809g_firmwarecore_i5-8260ucore_i5-11400fxeon_gold_6226r_firmwarexeon_silver_4116_firmwarecore_i5-7287u_firmwarecore_i9-10900xxeon_gold_6256_firmwarecore_m7-6y75xeon_w-3335xeon_w-11555mrecore_i5-10500hcore_i7-6800k_firmwarecore_i5-10600kfcore_i5-1035g1_firmwarexeon_w-2123_firmwarexeon_e-2146gxeon_silver_4112xeon_gold_6140core_i5-11500he_firmwarecore_i5-8210y_firmwarecore_i7-6650u_firmwarecore_i3-10100exeon_w-3365_firmwarexeon_platinum_8168_firmwarecore_i7-10700kf_firmwarexeon_e-2286g_firmwareatom_c3538core_i7-9700txeon_gold_6238core_i5-7600tcore_i7-4820katom_c3508xeon_w-2195_firmwarexeon_platinum_8256xeon_w-2275_firmwarexeon_gold_6130fxeon_e-2276mxeon_d-2163itcore_i3-1120g4core_i7-3930kcore_i5-11400hxeon_w-2235_firmwarexeon_d-1623nxeon_gold_6230n_firmwarecore_i7-10810ucore_i3-10300tcore_i3-8100xeon_gold_6140_firmwarecore_i5-1130g7core_i7-6560u_firmwarexeon_e-2378g_firmwarecore_i9-11900core_i5-6585rxeon_gold_6144xeon_platinum_8160f_firmwarecore_i5-9600kxeon_gold_5218r_firmwarecore_i3-7100core_m5-6y54core_i7-7600u_firmwarexeon_gold_5118core_i7-9700kf_firmwarecore_i5-1145g7core_i5-9300hcore_i5-10500exeon_silver_4214y_firmwarecore_i9-10850kcore_i5-6600t_firmwarecore_i5-8500bcore_i3-7100e_firmwarexeon_d-2143itxeon_silver_4209txeon_e-2226gecore_i5-8250u_firmwarecore_i7-7820hk_firmwarexeon_w-1390_firmwarexeon_gold_6212uxeon_w-2175_firmwarecore_i5-6600core_i3-8100hcore_i3-7300t_firmwarecore_i9-11900fcore_i7-9700f_firmwarexeon_d-2177nt_firmwarecore_i7-3930k_firmwarecore_i9-10920xcore_i9-11950hxeon_gold_6138pcore_i7-6500u_firmwarecore_i3-8130u_firmwarecore_i5-10310ucore_i7-6950x_firmwarecore_i7-8557ucore_i3-6320core_i3-8350k_firmwarecore_i9-9820x_firmwarecore_i3-1115gre_firmwarecore_i5-6440eqcore_i5-1030g7xeon_d-1602_firmwarecore_i9-10980hkxeon_w-11155mlexeon_d-1559_firmwarecore_i7-10700k_firmwarecore_i3-10305_firmwarexeon_e-2274gcore_i3-7100u_firmwarecore_i3-10325_firmwarexeon_gold_6138t_firmwarecore_i7-10510y_firmwarecore_i7-11800h_firmwarecore_i7-1060g7_firmwarecore_i5-6287uxeon_w-3323core_i7-8500yxeon_platinum_8276_firmwarecore_i7-1068ng7_firmwarecore_i5-7400_firmwarecore_i3-1110g4_firmwarexeon_w-2133_firmwarecore_i7-6700te_firmwareatom_c3808core_i5-9600xeon_gold_6134xeon_w-3375core_i5-8600tcore_i5-7200u_firmwarexeon_gold_6258r_firmwarecore_i3-10320_firmwarexeon_gold_5218bxeon_e-2288gxeon_w-1370pcore_i7-7500uxeon_e-2274g_firmwarexeon_gold_6148f_firmwarexeon_gold_5218rxeon_e-2124g_firmwarexeon_w-2235xeon_w-3175xxeon_w-3225core_i3-7101tecore_i7-7700xeon_d-1540core_i3-11100hexeon_gold_6246r_firmwarecore_i5-6440eq_firmwarexeon_gold_6246rcore_i5-7300hqxeon_d-1513ncore_i5-10505_firmwareatom_c3558_firmwarecore_i9-9900xcore_i9-9900t_firmwarecore_i5-9600_firmwarecore_i7-9700ecore_i9-11900kf_firmwarexeon_e-2254mexeon_platinum_8260l_firmwarecore_i7-8500y_firmwarecore_i7-6700t_firmwarecore_i7-6700tcore_i5-6442eq_firmwarexeon_w-3235_firmwarexeon_platinum_9222atom_c3336_firmwarecore_i3-10105tcore_i3-8100h_firmwarecore_i7-10510u_firmwarecore_i7-6820hk_firmwarecore_i7-7700_firmwarecore_i3-1000g4core_i3-7100t_firmwarecore_i9-10900kfcore_i3-9100hlcore_i7-11390h_firmwarecore_i9-9980hk_firmwareatom_c3858xeon_e-2144gxeon_gold_5119t_firmwarecore_i5-8300h_firmwarexeon_w-11555mlecore_i5-8279u_firmwarecore_i5-8500b_firmwarecore_i3-6102exeon_w-1390txeon_silver_4216core_i5-1140g7core_i7-11700kfcore_i7-10610ucore_i7-6770hqxeon_platinum_8276lxeon_gold_6138tcore_i7-7740xcore_i7-7y75xeon_e-2124gatom_c3850core_i5-11500txeon_platinum_9221_firmwarecore_i7-4930kcore_i7-11600h_firmwarecore_i5-9400core_i5-11400h_firmwarecore_i7-6600uatom_c3508_firmwarexeon_gold_6138core_i7-1185grexeon_gold_6146_firmwarecore_i5-8500_firmwarexeon_d-1557core_i5-1145gre_firmwareatom_c3436lcore_i3-10105f_firmwarexeon_w-3245mxeon_d-1637_firmwarexeon_w-11555mle_firmwarecore_i5-7300hq_firmwarexeon_w-1350atom_c3708core_i7-6500ucore_i5-1035g1xeon_w-3345_firmwarecore_i7-11850hxeon_w-1290xeon_e-2314_firmwarecore_i3-10110ucore_i7-8665u_firmwarecore_i7-8086k_firmwarexeon_w-2223_firmwarexeon_gold_6234atom_c3336xeon_gold_6142f_firmwarecore_i3-10100y_firmwarecore_i7-7567u_firmwarecore_i3-9100e_firmwarexeon_gold_6130_firmwarecore_i5-7442eq_firmwarexeon_gold_6136_firmwarexeon_gold_6252n_firmwarecore_i7-4930mxxeon_w-1250core_i9-10900core_i7-1065g7_firmwarexeon_silver_4116t_firmwarecore_i5-7360ucore_i5-1145g7_firmwarecore_i5-7300ucore_i7-11375h_firmwarexeon_silver_4109t_firmwarecore_i5-6600tcore_i5-6500t_firmwarecore_i3-7100h_firmwarecore_i7-8565ucore_i9-10940x_firmwarecore_i7-6600u_firmwarexeon_silver_4110xeon_bronze_3206r_firmwarexeon_w-3323_firmwarecore_i7-7700kxeon_platinum_8176core_i5-11500h_firmwarecore_i3-10100fcore_i9-9900_firmwarexeon_gold_5217core_i7-6850kcore_i7-9750hf_firmwarexeon_gold_5120tcore_i7-6870hq_firmwarexeon_gold_6210ucore_i5-7200uxeon_gold_5115xeon_d-1548_firmwarecore_i7-9700fcore_i5-8265u_firmwarecore_i7-6820hqcore_i5-10210ucore_i3-7300_firmwarexeon_w-11155mre_firmwarecore_i7-7740x_firmwarecore_i5-8400bcore_i3-7100hxeon_gold_5215core_i3-6100uxeon_bronze_3106_firmwarecore_i5-10400t_firmwarecore_i9-9900kscore_i5-6350hq_firmwarexeon_d-1531_firmwarexeon_d-1527_firmwarecore_i9-7920xxeon_d-1633n_firmwarecore_i9-7960x_firmwarecore_i5-11600kxeon_d-1513n_firmwarecore_i9-8950hkcore_i5-6360uxeon_gold_6126_firmwarecore_i5-10600tcore_i5-10600kf_firmwarexeon_w-1290_firmwarecore_i5-7640xxeon_w-3275mcore_i5-9500te_firmwarecore_i7-7700k_firmwarexeon_e-2386g_firmwarexeon_e-2176m_firmwarexeon_gold_6250lxeon_gold_6209ucore_i9-10900e_firmwarexeon_e-2278g_firmwarecore_i9-9920xxeon_d-2146nt_firmwarecore_i7-7660uxeon_e-2278gel_firmwarexeon_platinum_8158xeon_d-1518_firmwarecore_i7-7700hqcore_i7-6820hq_firmwarexeon_e-2244g_firmwarecore_i3-1120g4_firmwarecore_i7-6900k_firmwarexeon_e-2236_firmwarexeon_gold_6238l_firmwarecore_i5-6402pcore_m3-7y30core_i5-8269u_firmwarexeon_w-11155mrecore_i3-6100t_firmwarexeon_w-2135xeon_gold_6252core_i5-1140g7_firmwarecore_i7-11700kxeon_e-2276mlxeon_silver_4214rcore_i9-10920x_firmwarecore_i3-7101e_firmwarecore_i9-9880h_firmwarexeon_silver_4210r_firmwarecore_i7-6700hqcore_i7-5820k_firmwarecore_i3-8300core_i5-6500_firmwarecore_i3-7102e_firmwarexeon_e-2334_firmwarexeon_gold_6230rxeon_e-2276me_firmwarecore_i5-8400txeon_gold_6132_firmwarexeon_silver_4116txeon_w-1370p_firmwarecore_i5-11600kf_firmwarecore_i7-1065g7core_i7-9800xxeon_silver_4208xeon_e-2136_firmwarexeon_w-1270_firmwarexeon_gold_6210u_firmwarecore_i5-1130g7_firmwarecore_i7-6660u_firmwarexeon_gold_6126txeon_silver_4116fas\/aff_biosxeon_w-1250ecore_i5-8257u_firmwarecore_i5-1038ng7_firmwarexeon_platinum_8160fcore_i3-6100te_firmwarecore_i9-11900h_firmwarecore_i7-6567ucore_i5-9400f_firmwarecore_i7-8706g_firmwarexeon_gold_5215lcore_i5-7287uxeon_gold_6154_firmwarexeon_e-2146g_firmwarecore_i7-3970xxeon_gold_6126f_firmwarecore_i7-3960xxeon_platinum_8253_firmwarecore_i5-6600_firmwarexeon_e-2126g_firmwarecore_i5-1135g7_firmwarecore_i5-9600t_firmwarexeon_w-1350p_firmwarecore_i7-10610u_firmwarecore_i5-10500e_firmwarecore_i5-1145grexeon_w-3265mxeon_gold_6240lxeon_d-1529_firmwarexeon_gold_6248core_i5-11600k_firmwarexeon_e-2378_firmwarexeon_gold_6240l_firmwarexeon_platinum_8176f_firmwarecore_i3-8145ucore_i3-9300xeon_d-2173itcore_i7-7567ucore_i7-10870h_firmwarecore_i3-6098p_firmwarecore_i5-1155g7core_i3-9300tcore_i7-7820hqcore_i7-7820eqcore_i7-9700kxeon_platinum_8160tcore_i7-6920hq_firmwarexeon_gold_6252_firmwarecore_i7-3820xeon_e-2144g_firmwarecore_i7-10700te_firmwarecore_i7-10700ecore_i3-7320core_i7-3940xmxeon_gold_6126fcore_i5-6200u_firmwarecore_m5-6y57xeon_e-2388gcore_i7-9700te_firmwarexeon_platinum_8268xeon_e-2226gcore_i7-6700texeon_gold_6240rcore_i3-10100te_firmwarexeon_gold_6238_firmwarexeon_gold_6152_firmwarexeon_silver_4215rxeon_e-2278gcore_i9-10900ecore_i3-9100core_i5-8600core_i5-8250ucore_i9-11980hkxeon_w-3265core_m3-8100y_firmwarecore_i7-3940xm_firmwarecore_i5-10500tecore_i7-6700_firmwarecore_i7-7500u_firmwarecore_i5-10210y_firmwarecore_i7-8700k_firmwarecore_i3-6100texeon_gold_5119tcore_i7-8700bcore_i5-10500txeon_w-1250texeon_gold_6208ucore_i3-9100texeon_gold_6130f_firmwarecore_i5-9300hf_firmwarecore_m5-6y57_firmwareatom_c3338core_i5-11500t_firmwarecore_i3-6006u_firmwarexeon_gold_6242core_i7-10700kxeon_d-1627xeon_e-2186mcore_i3-8109u_firmwareatom_c3708_firmwarexeon_gold_6250_firmwarexeon_d-1623n_firmwarecore_i3-9350k_firmwarecore_i7-11370hcore_i5-7442eqcore_i7-8665uecore_i3-8130ucore_i3-7167ucore_i3-8300txeon_d-1528_firmwarecore_i5-11500hcore_i5-11600tatom_c3308_firmwarecore_i9-9900kxeon_gold_6240_firmwarecore_i7-5930kcore_i5-10400fcore_i7-1160g7core_i3-6157u_firmwarexeon_w-2265_firmwarexeon_e-2278ge_firmwarecore_i5-9400_firmwarexeon_gold_6226rxeon_bronze_3204xeon_w-1270e_firmwarexeon_e-2276m_firmwarecore_i3-7350k_firmwarexeon_d-1567core_i5-8400t_firmwarexeon_w-3365xeon_w-2135_firmwarexeon_gold_6142_firmwarecore_i7-9850hlatom_c3538_firmwarexeon_e-2286m_firmwarecore_i5-6300ucore_i5-8400hcore_m3-6y30core_i7-11850he_firmwarexeon_w-2175xeon_d-2141i_firmwarexeon_silver_4214r_firmwarexeon_silver_4108xeon_w-3335_firmwarecore_i3-10110ycore_i7-7820hkcore_i5-9300h_firmwarexeon_w-11855mxeon_gold_6240ycore_i3-6100xeon_gold_6238lxeon_w-1390xeon_gold_5218n_firmwarecore_i7-11700t_firmwarecloud_backupcore_i7-11700fcore_i7-8665ucore_m7-6y75_firmwarecore_i3-10305tcore_i3-9350kf_firmwarexeon_gold_6130t_firmwarecore_i7-5960x_firmwarexeon_w-1370_firmwarecore_i5-7440eq_firmwarexeon_d-1649n_firmwarecore_i3-8140ucore_i7-8086kcore_i5-7360u_firmwarecore_i3-8350kcore_i5-10600kxeon_gold_5222core_i7-10850hxeon_gold_6256core_i5-6360u_firmwarexeon_d-1523ncore_i3-1005g1_firmwarecore_i9-9900x_firmwarecore_i3-9100hl_firmwarecore_i5-10500te_firmwareatom_c3338rcore_i3-10300t_firmwarecore_i3-8100bcore_i3-6167ucore_i5-8279ucore_i3-10100f_firmwarexeon_gold_5118_firmwarecore_i5-8600kcore_i7-8700tcore_i3-7100_firmwarecore_i3-9320_firmwarexeon_d-1541xeon_d-1543n_firmwarexeon_d-1622xeon_gold_5222_firmwarecore_i5-6685r_firmwarecore_i7-8700t_firmwarecore_i5-6500te_firmwarecore_i5-1030g7_firmwarecore_i5-8600t_firmwarexeon_w-2223core_i7-6970hqcore_i7-1185g7e_firmwarexeon_gold_6238tatom_c3955core_i5-8500core_i5-11260h_firmwarecore_i5-9400h_firmwareatom_c3758r_firmwarecore_i5-10400f_firmwarecore_i7-6560ucore_i9-10980xe_firmwarexeon_gold_6240r_firmwarecore_i5-8257uxeon_gold_6212u_firmwarexeon_gold_6208u_firmwarecore_i7-8569ucore_i9-9900tcore_i7-10700t_firmwarecore_i5-6685ratom_c3558xeon_w-2133xeon_platinum_8260lxeon_e-2336_firmwarecore_i5-6287u_firmwarexeon_platinum_8270xeon_gold_6248r_firmwarecore_i5-8500txeon_gold_6132core_i7-4930k_firmwarexeon_w-11555mre_firmwarecore_i5-6400txeon_d-2166ntcore_i3-10305core_i7-9850he_firmwarecore_i3-6100h_firmwarexeon_w-1390pcore_i3-9100_firmwarecore_i7-6700core_i7-6820hkcore_i7-7560u_firmwarexeon_gold_6262vcore_i7-10710ucore_i5-10300hcore_i5-10210ycore_i7-1165g7_firmwarexeon_silver_4210_firmwarexeon_w-1270texeon_e-2224core_i9-9900ks_firmwarexeon_e-2124_firmwarexeon_gold_6238rxeon_silver_4110_firmwarexeon_platinum_8170core_i3-1125g4_firmwarexeon_e-2278gelxeon_d-1553ncore_i5-1030g4xeon_gold_6222v_firmwarecore_i9-10980hk_firmwarexeon_d-2166nt_firmwarecore_i5-10400_firmwarexeon_gold_6242r_firmwarexeon_w-2155core_i5-6600k_firmwarecore_i7-6700hq_firmwarexeon_platinum_8153_firmwarecore_i3-7102exeon_w-11155mle_firmwarexeon_silver_4216_firmwarecore_i3-1115g4e_firmwarexeon_gold_5122core_i9-10900k_firmwarexeon_gold_5215l_firmwareatom_c3758rxeon_w-2225_firmwarexeon_gold_6230core_i7-6870hqatom_c3950core_i3-9100exeon_silver_4109tcore_i3-7300xeon_d-1548core_i7-10510yxeon_bronze_3106core_i5-7y57_firmwarecore_i7-7820x_firmwarexeon_platinum_8260yxeon_e-2276ml_firmwarexeon_d-1653natom_c3338_firmwarecore_i9-10900_firmwarecore_i5-6300u_firmwarecore_i5-1155g7_firmwarexeon_gold_5218txeon_e-2374gxeon_e-2254ml_firmwarexeon_d-1557_firmwarecore_i5-9500t_firmwarexeon_gold_5218ncore_i7-8709g_firmwarexeon_d-2163it_firmwarexeon_w-2295_firmwarexeon_d-1531core_i7-10875h_firmwarexeon_e-2278gexeon_d-1533n_firmwarexeon_silver_4214yxeon_platinum_8156xeon_w-10855mxeon_d-2177ntcore_i7-6785r_firmwarexeon_w-3275_firmwarecore_i5-10600t_firmwarexeon_platinum_8270_firmwarecore_i7-11700k_firmwarecore_i5-10300h_firmwarexeon_w-3235core_i9-10900txeon_d-1571_firmwarexeon_e-2126gcore_i7-10700tecore_i9-10900kcore_i5-10600_firmwarexeon_gold_5220rxeon_w-11955mxeon_w-1290ecore_i5-10400tcore_i7-6820eq_firmwarecore_i7-1185g7core_i7-9700kfxeon_d-1541_firmwarexeon_w-1290te_firmwarexeon_platinum_9221xeon_d-2142itcore_i5-7600k_firmwarecore_i9-11980hk_firmwarexeon_platinum_9222_firmwarecore_i5-8305g_firmwarecore_i3-8100b_firmwarecore_i9-10900te_firmwarecore_i9-11900kcore_i3-8300t_firmwarexeon_gold_6150_firmwarecore_i3-7167u_firmwarecore_i7-10700_firmwarecore_i3-1005g1core_i7-1068ng7core_m3-6y30_firmwarecore_i7-1185gre_firmwarecore_i7-7820eq_firmwarexeon_d-1637core_i5-9400fcore_i5-11320h_firmwarexeon_d-1539_firmwarecore_i5-9500f_firmwarecore_i7-6800kcore_i7-7560uxeon_gold_5120core_i7-8550u_firmwarecore_i5-11600kfxeon_d-1602core_i5-8365uxeon_w-2245xeon_d-2145ntcore_i5-9600kfxeon_e-2288g_firmwarecore_i5-6267u_firmwarexeon_w-1250te_firmwarexeon_e-2224gcore_i5-8600_firmwarecore_i3-8100_firmwarecore_i5-8269ucore_i3-11100he_firmwarexeon_gold_6254_firmwarexeon_gold_5220_firmwarecore_i5-7600t_firmwarecore_i9-11900hcore_i7-9700t_firmwarecore_i7-1185g7ecore_i7-8665ue_firmwarecore_i7-4820k_firmwarecore_i7-7820hq_firmwarexeon_silver_4208_firmwarexeon_d-1521core_i3-8145uexeon_w-2155_firmwarecore_i5-8265ucore_i7-10700txeon_e-2246g_firmwarexeon_platinum_8170_firmwarecore_i9-9900kfcore_i5-6300hqcore_i5-6402p_firmwarexeon_silver_4114tcore_i7-10750hxeon_e-2226ge_firmwarexeon_gold_6134_firmwarecore_i7-1160g7_firmwarecore_i5-8400b_firmwarecore_i7-8706gcore_i7-5930k_firmwarecore_i7-11850h_firmwarecore_i3-6300core_i5-7400t_firmwarexeon_silver_4215xeon_gold_6230ncore_i5-8365u_firmwareatom_c3750xeon_platinum_8280l_firmwarecore_i7-1195g7core_i9-10885hcore_i5-7440eqcore_i5-9500_firmwarexeon_e-2386gcore_i3-9100t_firmwarecore_i7-1165g7core_i5-11400_firmwarexeon_gold_6242_firmwarecore_m3-7y32core_i7-11850hexeon_e-2134core_i7-10750h_firmwarexeon_w-1290tecore_i5-1145g7exeon_w-3265_firmwarexeon_d-2142it_firmwarecore_i7-8557u_firmwarecore_m3-7y32_firmwarexeon_w-11865mre_firmwarexeon_e-2176mxeon_gold_6230t_firmwarecore_i3-1000g1_firmwarexeon_gold_6130xeon_gold_5218_firmwarecore_i9-10900t_firmwarexeon_silver_4210txeon_w-3275m_firmwarecore_i5-11400f_firmwarexeon_gold_6138_firmwarecore_i9-11900k_firmwarexeon_e-2134_firmwarecore_i7-1185g7_firmwarexeon_gold_6136core_i7-1180g7_firmwarecore_i5-7267u_firmwarecore_i5-7640x_firmwarexeon_w-3245m_firmwarecore_i5-9600tcore_i9-11900t_firmwarexeon_e-2226g_firmwareatom_c3558rcore_i9-7960xxeon_w-1370xeon_d-1559xeon_platinum_9242_firmwarexeon_e-2174gatom_c3436l_firmwarecore_i7-7y75_firmwarexeon_d-1537xeon_gold_6230_firmwarexeon_gold_6128core_i7-1180g7xeon_e-2176gxeon_gold_6146core_i3-6100hxeon_gold_6254core_i3-10320core_i3-10105fxeon_w-1390t_firmwarexeon_e-2224_firmwarexeon_platinum_8160t_firmwarecore_i3-6098pcore_i5-6400xeon_d-1649nxeon_gold_6148_firmwarecore_i7-10875hcore_i5-6300hq_firmwarexeon_platinum_8156_firmwarecore_i7-1195g7_firmwarecore_i5-10400hcore_i5-9600kf_firmwarecore_i7-9800x_firmwarexeon_w-10885mxeon_gold_6234_firmwarexeon_e-2224g_firmwarexeon_silver_4114_firmwarexeon_gold_6126xeon_d-1527core_i9-9940xcore_i9-9980xe_firmwarecore_i5-6600kcore_i9-7940xxeon_gold_5220r_firmwarecore_i7-9700tecore_i7-6822eq_firmwarexeon_gold_6248rxeon_silver_4214core_i3-6102e_firmwarexeon_w-2125core_i5-6260u_firmwarecore_i9-9900k_firmwarecore_i5-6500tecore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i7-7800x_firmwarecore_i3-10105t_firmwarecore_i5-6500core_i5-10400h_firmwarexeon_gold_6138f_firmwarexeon_d-2146ntcore_i3-10100txeon_gold_6128_firmwarecore_i3-9100f_firmwarecore_i7-7700hq_firmwarecore_i9-9980hkxeon_e-2244gcore_i5-11500hecore_i3-7100txeon_w-2125_firmwarecore_i5-1035g4_firmwarexeon_platinum_8180core_i7-9850h_firmwarecore_i7-11700_firmwarecore_m5-6y54_firmwarecore_i7-11375hcore_i7-8559ucore_i5-9500ecore_i9-9920x_firmwarexeon_w-1250e_firmwarecore_i7-4960xcore_i7-5960xxeon_d-1521_firmwarecore_i3-6320_firmwarecore_i3-6100e_firmwarexeon_w-1290t_firmwarecore_i7-9750h_firmwarexeon_gold_6209u_firmwarexeon_gold_6138fcore_i3-10325xeon_e-2356gcore_i9-7920x_firmwarecore_i7-8700core_i3-7130ucore_i5-8400xeon_platinum_8276l_firmwarexeon_gold_6262v_firmwarexeon_e-2334core_i5-7440hq_firmwarecore_i7-9850hcore_i3-10110u_firmwarecore_i5-7600core_i9-10980xexeon_w-11865mlecore_i9-11900f_firmwarexeon_e-2186gxeon_gold_6226_firmwarecore_i5-8310y_firmwarexeon_silver_4210core_i9-10885h_firmwarexeon_gold_6250l_firmwarexeon_silver_4114t_firmwarecore_i5-11500_firmwarecore_i3-7320_firmwarecore_i7-6770hq_firmwarecore_i7-8569u_firmwarexeon_gold_6240y_firmwareatom_c3955_firmwarexeon_w-1350pxeon_d-2143it_firmwarecore_i5-9400txeon_w-3245_firmwarecore_i7-11800hcore_i7-11370h_firmwarecore_i3-10300xeon_w-1290p_firmwarexeon_w-1250p_firmwarexeon_bronze_3204_firmwarecore_i3-8100t_firmwarecore_i5-7600_firmwarecore_i9-9960x_firmwarecore_i5-10310u_firmwarexeon_gold_6154core_i5-8400_firmwarecore_i7-6567u_firmwarexeon_e-2234_firmwareatom_c3830core_i7-10870hxeon_silver_4215r_firmwarecore_i7-10510ucore_i3-6300t_firmwarexeon_bronze_3104xeon_w-1290pcore_i7-7920hq_firmwarecore_i5-8310ycore_i5-10500h_firmwarexeon_d-1523n_firmwarecore_i3-10300_firmwarexeon_d-2183it_firmwarecore_i5-6440hqxeon_w-3245xeon_e-2324gcore_i7-6660ucore_i9-7980xecore_i3-6100ecore_i7-6970hq_firmwarexeon_w-3345xeon_e-2186m_firmwarexeon_d-1528xeon_w-2295xeon_e-2234core_i3-9100tcore_i5-11300h_firmwarecore_i5-10500core_i7-8850hcore_i9-8950hk_firmwarecore_i5-8400h_firmwarecore_i5-11600_firmwarexeon_d-1622_firmwarexeon_w-11865mrecore_i3-10100_firmwarexeon_silver_4108_firmwarecore_i9-10900texeon_platinum_8260y_firmwarecore_i5-1030g4_firmwarecore_i3-6157ucore_i5-9500fcore_i3-10100yxeon_e-2378core_i7-7820xcore_i7-3970x_firmwarecore_i3-1115g4ecore_i7-7800xcore_i5-9400hxeon_platinum_8253xeon_gold_6252ncore_i3-9320atom_c3308xeon_platinum_8280xeon_platinum_8180_firmwarecore_i7-10700f_firmwarecore_i3-10100t_firmwarexeon_w-2255_firmwarexeon_gold_5220t_firmwarecore_i3-10105core_i5-11400tcore_i7-4940mxxeon_gold_6246core_i9-10900kf_firmwarecore_i7-8550uxeon_w-1350_firmwarecore_i7-10810u_firmwarecore_i9-10940xcore_i7-9700xeon_w-3265m_firmwarexeon_d-1577_firmwarexeon_gold_5122_firmwarecore_i7-9850hecore_i7-10700kfcore_i7-9850hl_firmwarecore_i5-8260u_firmwareatom_c3830_firmwarecore_i5-7500tcore_i5-6440hq_firmwarexeon_d-2187ntxeon_d-1518core_i5-6267ucore_i3-1000g1xeon_w-2225xeon_e-2276mecore_i7-3820_firmwarexeon_silver_4210t_firmwarecore_i5-7y54xeon_gold_5218t_firmwarecore_i7-6950xcore_i5-7400xeon_platinum_8164core_i7-8700b_firmwarexeon_e-2356g_firmwarexeon_platinum_8176fcore_i3-10305t_firmwarexeon_w-10855m_firmwarexeon_gold_5115_firmwarexeon_platinum_8168core_i9-10850k_firmwarecore_i7-7660u_firmwarecore_i5-8365ue_firmwarecore_i3-6167u_firmwarexeon_gold_5217_firmwarecore_i7-11600hcore_i7-7920hqcore_i7-10700core_i9-11950h_firmwarecore_i3-1115g4_firmwarexeon_d-1533ncore_i3-7020ucore_i5-1135g7xeon_w-2195core_i3-8145u_firmwarexeon_e-2136xeon_w-1270pcore_i5-9300hfcore_i5-8600k_firmwarecore_i9-9940x_firmwarexeon_gold_6258rcore_i3-1115g4xeon_platinum_9282core_i5-10400core_i3-7020u_firmwarexeon_d-2161ixeon_w-1250pcore_i7-8700kcore_i3-7130u_firmwarexeon_silver_4215_firmwarexeon_platinum_8160_firmwarexeon_d-2123itcore_i7-11700kf_firmwarecore_i5-8365uecore_i3-8109uxeon_gold_6142core_i3-1110g4atom_c3558r_firmwarecore_i7-4960x_firmwarexeon_bronze_3206rxeon_gold_6148xeon_w-3275xeon_gold_6240xeon_d-2161i_firmwarecore_i5-8200y_firmwarexeon_gold_5220core_i5-8350uxeon_platinum_8256_firmwarecore_i7-8750h_firmwarecore_i3-10100texeon_platinum_8176_firmwareatom_c3758_firmwarecore_i5-10210u_firmwarecore_i7-11390hcore_i3-8140u_firmwarexeon_d-1537_firmwarecore_i5-7y57xeon_w-3375_firmwarecore_i3-9300_firmwarecore_i7-3920xmcore_i5-7260uxeon_d-1540_firmwarecore_i5-10600k_firmwarecore_i5-8259u_firmwarexeon_e-2124core_i7-9750hcore_i3-6100u_firmwareatom_c3808_firmwarecore_i3-10110y_firmwarexeon_e-2186g_firmwarexeon_d-1553n_firmwarecore_i9-7980xe_firmwarexeon_w-1270te_firmwarecore_i7-8559u_firmwarecore_i5-7500_firmwarexeon_gold_6126t_firmwarecore_i5-11500core_i7-11700xeon_platinum_8160xeon_gold_6148fcore_i5-10600xeon_w-2245_firmwarecore_i5-10500_firmwarecore_i5-10310ycore_i5-10310y_firmwareatom_c3858_firmwarexeon_d-1567_firmwarecore_i5-8259uxeon_e-2388g_firmwarexeon_gold_6230r_firmwarexeon_e-2336xeon_gold_6246_firmwarexeon_platinum_8260_firmwarexeon_e-2286mcore_i5-11600t_firmwarecore_i7-6650ucore_i9-9880hcore_i7-4930mx_firmwarecore_i7-8705g_firmwarexeon_platinum_8158_firmwarexeon_gold_6244_firmwarecore_i5-6400_firmwarecore_i5-1035g4core_i7-8650ucore_i5-10200hcore_i7-8705gxeon_platinum_8276xeon_d-1529xeon_gold_5220txeon_e-2324g_firmwarecore_i7-7600uxeon_gold_6244xeon_w-3223_firmwarexeon_gold_6242rcore_i5-1035g7_firmwarecore_i3-7100exeon_w-2275xeon_w-3175x_firmwarexeon_w-2265core_i5-9500core_i3-7101ecore_i9-9900xeon_w-10885m_firmwarecore_i3-8145ue_firmwarecore_i9-9820xxeon_gold_5218b_firmwarexeon_gold_6248_firmwarecore_i7-9750hfxeon_d-2141icore_i7-3920xm_firmwarecore_i7-6850k_firmwarecore_i7-3960x_firmwarexeon_e-2176g_firmwarecore_i5-1035g7xeon_gold_6138p_firmwarexeon_e-2254mlcore_i5-8305gcore_i3-9350kcore_i3-1115grecore_i5-11600core_i5-7400tcore_i7-8750hcore_i3-6100txeon_w-2145_firmwarecore_i3-10100e_firmwarexeon_d-2183itxeon_d-2123it_firmwarecore_i5-8300hcore_i9-7940x_firmwarecore_i3-7101te_firmwarecore_i5-9500e_firmwarecore_i9-7900x_firmwarecore_i7-9700e_firmwarecore_i5-9500teatom_c3958xeon_gold_6130txeon_w-1290e_firmwarexeon_d-1520core_i5-1145g7e_firmwarecore_i5-7y54_firmwarexeon_d-2187nt_firmwarexeon_w-1390p_firmwarexeon_w-11955m_firmwarecore_i9-10900f_firmwarexeon_platinum_8280lcore_m3-8100yxeon_gold_5120t_firmwarexeon_silver_4114core_i5-7267ucore_i3-7100uxeon_d-1543ncore_i5-6442eqcore_i7-6700k_firmwarecore_i5-7260u_firmwareatom_c3750_firmwarecore_i7-11700tcore_i5-7300u_firmwarexeon_d-1520_firmwarexeon_platinum_9242core_i7-10700e_firmwarecore_i3-9100te_firmwarecore_i7-6700kcore_i7-6822eqcore_i3-7300tcore_i9-11900tcore_i5-8210ycore_i7-6785rcore_i7-1060g7core_i7-8565u_firmwarexeon_w-11855m_firmwarecore_i5-11400t_firmwarecore_i7-5820kcore_i7-9700_firmwarecore_i7-7700tcore_i7-6900kcore_i9-9980xexeon_platinum_9282_firmwarexeon_gold_5120_firmwarexeon_gold_6250core_i3-9350kfxeon_w-1290tcore_i7-8809gxeon_gold_6226core_i3-10105_firmwarecore_i5-11320hcore_i7-8650u_firmwarexeon_d-1577atom_c3958_firmwarecore_i5-6400t_firmwarecore_i3-6300_firmwarexeon_silver_4214_firmwarecore_i7-10850h_firmwarexeon_platinum_8268_firmwarexeon_e-2314core_i7-8700_firmwarecore_i3-7350kcore_i3-8300_firmwarecore_i5-10505xeon_d-1539core_i7-6820eqcore_i7-6920hqcore_i5-6585r_firmwarexeon_w-2255core_i9-10900x_firmwarecore_i5-7600kcore_m3-7y30_firmwarecore_i3-6006uxeon_gold_5215_firmwarexeon_gold_5220s_firmwarexeon_w-11865mle_firmwarecore_i3-1000g4_firmwarexeon_gold_6144_firmwarecore_i5-8350u_firmwarexeon_e-2276g_firmwarexeon_d-1627_firmwarexeon_gold_5218xeon_w-2145core_i7-4940mx_firmwarecore_i7-11700f_firmwarecore_i3-9100fatom_c3850_firmwarexeon_w-1250_firmwarecore_i5-7500t_firmwarexeon_d-1653n_firmwarecore_i9-10900fcore_i3-1125g4atom_c3950_firmwarexeon_w-3225_firmwarexeon_e-2378gcore_i5-10200h_firmwarecore_i3-8100tcore_i3-6100_firmwarexeon_gold_6238r_firmwarecore_i5-9500txeon_platinum_8164_firmwarexeon_w-3223xeon_gold_6152xeon_gold_6150xeon_e-2276gcore_i5-6200uxeon_gold_6222vcore_i7-10700fxeon_d-1571core_i5-9600k_firmwarexeon_gold_6238t_firmwareatom_c3338r_firmwarexeon_silver_4112_firmwareIntel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0062
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.90%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 12:47
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsgraphics_driversIntel(R) Graphics Drivers
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0159
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.78%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_5215xeon_platinum_8260yxeon_platinum_8352vxeon_platinum_8352y_firmwarexeon_platinum_8260y_firmwarexeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_platinum_8360yxeon_platinum_8280_firmwarexeon_gold_5218nxeon_gold_5317_firmwarexeon_silver_4209t_firmwarexeon_gold_6336yxeon_gold_6250lxeon_gold_6209uxeon_silver_4314_firmwarexeon_platinum_8253xeon_gold_6252nxeon_silver_4214yxeon_platinum_8270_firmwarexeon_gold_6230txeon_platinum_8376h_firmwarexeon_silver_4210rxeon_platinum_8280xeon_gold_6238l_firmwarexeon_gold_5220t_firmwarexeon_gold_6252xeon_gold_5220rxeon_silver_4309y_firmwarexeon_gold_6246xeon_gold_6226r_firmwarexeon_silver_4214rxeon_silver_4210r_firmwarexeon_gold_6328hl_firmwarexeon_gold_6256_firmwarexeon_platinum_9221xeon_gold_6230rxeon_gold_6346_firmwarexeon_platinum_8360hlxeon_platinum_9222_firmwarexeon_gold_5315y_firmwarexeon_silver_4310txeon_silver_4208xeon_gold_5318hxeon_gold_6210u_firmwarexeon_platinum_8380_firmwarexeon_gold_5320_firmwarexeon_silver_4314xeon_silver_4210t_firmwarexeon_gold_5218t_firmwarexeon_gold_5215lxeon_silver_4316_firmwarexeon_platinum_8352sxeon_gold_5217_firmwarexeon_gold_6330n_firmwarexeon_platinum_8253_firmwarexeon_gold_6238xeon_platinum_8368_firmwarexeon_platinum_8376hxeon_gold_6240lxeon_gold_6248xeon_gold_6258rxeon_gold_6312u_firmwarexeon_gold_6240l_firmwarexeon_platinum_8256xeon_platinum_9282xeon_silver_4215_firmwarexeon_gold_6254_firmwarexeon_gold_5220_firmwarexeon_gold_6334_firmwarexeon_gold_6338nxeon_gold_6328hlxeon_gold_6252_firmwarexeon_gold_6230n_firmwarexeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_silver_4208_firmwarexeon_gold_6240xeon_gold_5220xeon_platinum_8256_firmwarexeon_gold_5218r_firmwarexeon_gold_6348h_firmwarexeon_platinum_8268xeon_silver_4214y_firmwarexeon_gold_6240rxeon_gold_6238_firmwarexeon_gold_6330hxeon_silver_4209txeon_gold_6338xeon_gold_5315yxeon_platinum_8368q_firmwarexeon_silver_4215rxeon_gold_6212uxeon_platinum_8380xeon_silver_4215xeon_platinum_8368xeon_gold_6230nxeon_platinum_8280l_firmwarexeon_gold_6338txeon_platinum_8352mxeon_gold_6208uxeon_gold_6242_firmwarexeon_gold_6326_firmwarexeon_gold_6230r_firmwarexeon_gold_6242xeon_platinum_8360y_firmwarexeon_gold_6246_firmwarexeon_platinum_8260_firmwarexeon_platinum_8376hl_firmwarexeon_platinum_8360hxeon_gold_6230t_firmwarexeon_gold_6250_firmwarexeon_gold_5218_firmwarexeon_silver_4210txeon_gold_5320txeon_gold_6244_firmwarexeon_gold_6342xeon_gold_6330h_firmwarexeon_platinum_8276_firmwarexeon_platinum_8276xeon_silver_4316xeon_gold_6240_firmwarexeon_gold_5220txeon_gold_6336y_firmwarexeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_platinum_9242_firmwarexeon_gold_6226rxeon_gold_6258r_firmwarexeon_bronze_3204xeon_gold_6230_firmwarexeon_gold_5218b_firmwarexeon_gold_5218bxeon_gold_6348hxeon_platinum_8354hxeon_gold_6248_firmwarexeon_gold_6328hxeon_platinum_8360hl_firmwarexeon_silver_4214r_firmwarexeon_gold_5318s_firmwarexeon_gold_6254xeon_gold_5218rxeon_gold_6334xeon_gold_6342_firmwarexeon_gold_6326xeon_gold_5320xeon_gold_6240yxeon_gold_6238lxeon_gold_5320h_firmwarexeon_gold_5218n_firmwarexeon_gold_6328h_firmwarexeon_platinum_8362_firmwarexeon_gold_5318h_firmwarexeon_gold_6348xeon_gold_6246r_firmwarexeon_gold_6354xeon_gold_6246rxeon_gold_6234_firmwarexeon_gold_5320hxeon_gold_6312uxeon_gold_5220r_firmwarexeon_gold_5222xeon_platinum_8380hlxeon_gold_6256xeon_platinum_8260l_firmwarexeon_gold_6338n_firmwarexeon_gold_6248rxeon_silver_4214xeon_gold_5318nxeon_platinum_9222xeon_platinum_8358_firmwarexeon_gold_5220sxeon_platinum_8260xeon_platinum_8280lxeon_silver_4309yxeon_platinum_8356hxeon_gold_6338t_firmwarexeon_gold_6314uxeon_gold_5320t_firmwarexeon_gold_5318y_firmwarexeon_gold_5222_firmwarexeon_platinum_9242xeon_silver_4216xeon_platinum_8358p_firmwarexeon_platinum_8362xeon_platinum_8276lxeon_platinum_8352v_firmwarexeon_platinum_8351n_firmwarexeon_gold_5318n_firmwarexeon_gold_6238txeon_gold_6314u_firmwarexeon_platinum_9221_firmwarexeon_silver_4310t_firmwarexeon_platinum_8368qxeon_gold_6240r_firmwarexeon_gold_5318yxeon_gold_6212u_firmwarexeon_gold_6208u_firmwarexeon_silver_4310xeon_gold_6209u_firmwarexeon_platinum_8352m_firmwarexeon_platinum_8356h_firmwarexeon_platinum_9282_firmwarexeon_platinum_8276l_firmwarexeon_gold_6250xeon_platinum_8260lxeon_platinum_8270xeon_gold_6248r_firmwarexeon_platinum_8380hxeon_gold_6262v_firmwarexeon_gold_6226xeon_gold_5318sxeon_silver_4214_firmwarexeon_platinum_8268_firmwarexeon_gold_6348_firmwarexeon_gold_6226_firmwarexeon_silver_4210xeon_gold_6250l_firmwarexeon_gold_6234xeon_silver_4310_firmwarexeon_platinum_8360h_firmwarexeon_gold_6252n_firmwarexeon_gold_6262vxeon_gold_6240y_firmwarexeon_platinum_8354h_firmwarexeon_gold_5215_firmwarexeon_gold_5220s_firmwarexeon_platinum_8358pxeon_gold_6330_firmwarexeon_silver_4210_firmwarexeon_platinum_8380hl_firmwarexeon_gold_5218xeon_gold_6338_firmwarexeon_gold_6238rxeon_bronze_3204_firmwarexeon_gold_6222v_firmwarexeon_gold_6238r_firmwarexeon_bronze_3206r_firmwarexeon_platinum_8352yxeon_silver_4215r_firmwarexeon_gold_5317xeon_gold_6242r_firmwarexeon_gold_5217xeon_platinum_8376hlxeon_gold_6210uxeon_gold_6222vxeon_silver_4216_firmwarexeon_platinum_8352s_firmwarexeon_platinum_8380h_firmwarexeon_gold_5215l_firmwarexeon_gold_6238t_firmwarexeon_platinum_8353h_firmwarexeon_platinum_8351nxeon_gold_6354_firmwarexeon_gold_6230Intel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0833
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.71%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:15
Updated-17 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Elevation via Telerik Test Studio

In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_test_studioTelerik Test Studio
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-0255
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: ethtraceroute Local Privilege Escalation vulnerability in SUID binaries

A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-0204
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.13%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 17:35
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: dexp Local Privilege Escalation vulnerabilities in SUID binaries

A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run dexp with root privileges and access sensitive information in the dexp database. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D34; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-52093
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.4||HIGH
EPSS-0.05% / 15.71%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 20:40
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex OneTrend Micro Apex One as a Serviceapex_one
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.54%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 00:00
Updated-04 Aug, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.

Action-Not Available
Vendor-mremotengn/a
Product-mremotengn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-9855
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.51%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:17
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0327
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 16:50
Updated-03 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-172935267

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-27826
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27828
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27677
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.45%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:52
Updated-19 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user.

Action-Not Available
Vendor-AMDAdvanced Micro Devices, Inc.
Product-ryzen_masterRyzen™ Master
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-27833
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.41%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_9830exynos_980exynos_2100Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-27829
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.26%
||
7 Day CHG~0.00%
Published-20 Apr, 2018 | 21:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.

Action-Not Available
Vendor-vertivn/a
Product-watchdog_consolen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-27830
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8327
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.10% / 29.07%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-5671
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.85%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 17:11
Updated-12 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

Action-Not Available
Vendor-HP Inc.
Product-print_and_scan_doctorHP Print and Scan Doctor for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1727
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.84%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0049
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 16:35
Updated-16 Apr, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0127
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 08:10
Updated-01 Nov, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu_manager
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8474
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:18
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB System 800xA Weak Registry Permissions

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.

Action-Not Available
Vendor-ABB
Product-800xa_base_systemSystem 800xA Base
CWE ID-CWE-275
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-0338
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.83%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 21:00
Updated-29 Nov, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemCisco Unified Computing System unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-0307
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.86%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 21:00
Updated-29 Nov, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_56128pnexus_9332pqnexus_3132q-xnexus_93108tc-exnexus_3172tqnx-osnexus_9508nexus_3100-vnexus_3636c-rnexus_93120txnexus_n9k-x9636c-rnexus_93128txnexus_3548-xlnexus_31128pqnexus_6001pnexus_3164qnexus_5020nexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_5548pnexus_5648qnexus_9272qnexus_5672upnexus_3264qnexus_34180ycnexus_3064-32tnexus_5596upnexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_n9k-x9636q-rnexus_n9k-c9508-fm-rnexus_9504nexus_3048nexus_9500nexus_3524-xlnexus_9396txnexus_7000nexus_3172pqnexus_3064-xnexus_3232cnexus_5548upnexus_9396pxnexus_5010nexus_5000nexus_5596tnexus_3264c-enexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_93180yc-exnexus_6001tnexus_172tq-xlnexus_c36180yc-rnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0306
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.86%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Note: This vulnerability requires that any feature license is uploaded to the device. The vulnerability does not require that the license be used. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51693, CSCve91634, CSCve91659, CSCve91663.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_56128pnexus_2232tm-e_10genexus_3132q-xnexus_3172tqnexus_9332pqnexus_2148tnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_3100-vnexus_93120txnexus_n9k-x9636c-rnexus_93128txmds_9506mds_9250inexus_3548-xlnexus_31128pqnexus_6001pnexus_3164qnexus_5020nexus_3172tq-32tnexus_2224tp_genexus_3524-xnexus_3132c-znexus_5548pnexus_5648qmds_9718nexus_9272qmds_9148smds_9513mds_9148tnexus_5672upmds_9132tnexus_3264qnexus_34180ycmds_9509mds_9706nexus_3064-32tnexus_5596upnexus_3548nexus_2248tp_genexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_n9k-x9636q-rnexus_n9k-c9508-fm-rmds_9148nexus_3048nexus_1110-xnexus_9504nexus_2232pp_10genexus_3524-xlnexus_9396txmds_9396tnexus_7000nexus_2248tp-emds_9396snexus_3172pqnexus_3064-xnexus_3232cnexus_5548upnexus_9396pxmds_9222inexus_5010nexus_5000nexus_2248pq_10genexus_1000vnexus_5596tnexus_3264c-enexus_1110-snexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_2232tm_10genexus_93180yc-exnexus_6001tnexus_172tq-xlnexus_c36180yc-rnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-9114
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.91%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 00:04
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30756
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:32
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0302
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.77%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_4150firepower_4140ucs_6120xpucs_6140xpnx-osfirepower_9300_security_applianceucs_6296upucs_6324firepower_4110firepower_4120ucs_6248upfirepower_extensible_operating_systemucs_6332Cisco FXOS Software and UCS Fabric Interconnect unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-30298
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-0.09% / 26.46%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 15:10
Updated-25 Oct, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisoarFortinet FortiSOAR
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30726
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.89%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:03
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26057
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 18:47
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mint WorkBench Link Following Local Privilege Escalation Vulnerability

Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product

Action-Not Available
Vendor-ABB
Product-mint_workbenchMint WorkBench
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7867
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8||HIGH
EPSS-0.41% / 60.43%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 00:43
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Helpu arbitrary file creation vulnerability

An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator.

Action-Not Available
Vendor-helpuHelpU
Product-helpuviewerHelpuViewer.exe
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0337
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.76%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_5548pnexus_5624qnexus_5548upnexus_56128pnexus_5648qnexus_5672upnexus_7000nx-osnexus_5010nexus_5000nexus_5696qnexus_5596upnexus_5020nexus_5596tnexus_7700Cisco NX-OS unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 20
  • 21
  • Next
Details not found