Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-54871

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-05 Aug, 2025 | 00:03
Updated At-05 Aug, 2025 | 14:55
Rejected At-
Credits

Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:05 Aug, 2025 | 00:03
Updated At:05 Aug, 2025 | 14:55
Rejected At:
▼CVE Numbering Authority (CNA)
Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.

Affected Products
Vendor
steveseguin
Product
electroncapture
Versions
Affected
  • < 2.20.0
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
x_refsource_CONFIRM
https://github.com/steveseguin/electroncapture/commit/3837f54e75911bb99fa45cfa138a5e401d16f531
x_refsource_MISC
https://github.com/steveseguin/electroncapture/releases/tag/2.20.0
x_refsource_MISC
Hyperlink: https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/steveseguin/electroncapture/commit/3837f54e75911bb99fa45cfa138a5e401d16f531
Resource:
x_refsource_MISC
Hyperlink: https://github.com/steveseguin/electroncapture/releases/tag/2.20.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
exploit
Hyperlink: https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:05 Aug, 2025 | 01:15
Updated At:09 Oct, 2025 | 17:33

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
electroncapture
electroncapture
>>electron_capture>>Versions before 2.20.0(exclusive)
cpe:2.3:a:electroncapture:electron_capture:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Secondarysecurity-advisories@github.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: security-advisories@github.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/steveseguin/electroncapture/commit/3837f54e75911bb99fa45cfa138a5e401d16f531security-advisories@github.com
Patch
https://github.com/steveseguin/electroncapture/releases/tag/2.20.0security-advisories@github.com
Release Notes
https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4hsecurity-advisories@github.com
Exploit
Vendor Advisory
https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/steveseguin/electroncapture/commit/3837f54e75911bb99fa45cfa138a5e401d16f531
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/steveseguin/electroncapture/releases/tag/2.20.0
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

271Records found
CVE-2020-10139
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.74%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 13:40
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-true_imageTrue Image 2021
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-665
Improper Initialization
CVE-2020-10138
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.74%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 13:40
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protectcyber_backupCyber BackupCyber Protect
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-665
Improper Initialization
CVE-2025-21469
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.41%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Camera Driver

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs5430wsa8845_firmwarewsa8840wsa8845hwcd9380_firmwarewcd9370qcm5430qcm5430_firmwarewsa8830wcd9385sc8380xpsnapdragon_7c\+_gen_3_compute_firmwaresc8380xp_firmwarefastconnect_6700sc8280xp-abbbwcd9375_firmwarefastconnect_6900fastconnect_7800_firmwarewcd9370_firmwareqcs5430_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380qcm6490_firmwaresc8280xp-abbb_firmwarefastconnect_7800wcd9375qcm6490wsa8845fastconnect_6700_firmwarewsa8845h_firmwarevideo_collaboration_vc3_platform_firmwareqcs6490_firmwarewsa8835_firmwareqcs6490snapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformSnapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21425
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.06% / 17.93%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 10:15
Updated-19 Aug, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Automotive Linux OS

Memory corruption may occur due top improper access control in HAB process.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa7775psa8620psrv1h_firmwaresa7255pqca6595au_firmwaresa8540p_firmwareqamsrv1m_firmwaresa6145p_firmwaresa8255psa6155p_firmwaresa8195pqca6698aqsa8295psa8145p_firmwaresa8295p_firmwaresa8775psa8150psa6150p_firmwareqam8295p_firmwareqam8620pqca6574au_firmwaresa8145pqamsrv1msa8540psa8770psa6150psrv1m_firmwareqca6696qamsrv1h_firmwareqca6574ausa8775p_firmwareqca6595_firmwareqca6688aq_firmwareqam8295psrv1l_firmwareqca6696_firmwaresa8770p_firmwaresa6155pqca6595ausrv1hqca6688aqsa6145pqamsrv1hqca6595qam8775pqam8255pqam8650p_firmwaresa8255p_firmwareqam8620p_firmwaresa9000psa7255p_firmwaresa8620p_firmwaresrv1lsa8650psa8155p_firmwaresa9000p_firmwaresa8155pqam8775p_firmwaresa8650p_firmwareqam8255p_firmwaresa7775p_firmwareqca6698aq_firmwaresa8150p_firmwaresrv1mqam8650psa8195p_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2025-21470
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.41%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Camera Driver

Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8845_firmwarewsa8840wcd9370wcd9340_firmwarewcd9385sc8380xpwcd9341_firmwaresnapdragon_7c\+_gen_3_compute_firmwarefastconnect_6700qca6420sc8280xp-abbbqca6430wsa8815_firmwarewcd9370_firmwareqcm6490_firmwarewcd9340wcd9341qcm6490wsa8810_firmwarewsa8845h_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwareqca6391_firmwareqca6430_firmwarefastconnect_6800_firmwareqcs5430wsa8845hwcd9380_firmwareqcm5430sc8180x-acafsc8180x-ad_firmwareqcm5430_firmwarewsa8815wsa8830sc8380xp_firmwarefastconnect_6800wcd9375_firmwarefastconnect_7800_firmwarefastconnect_6900qca6391qcs5430_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380fastconnect_6200sc8280xp-abbb_firmwarefastconnect_7800sc8180x-acaf_firmwarewcd9375wsa8845fastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresc8180x-adwsa8835_firmwaresc8180x-aaabwsa8810sc8180x-aaab_firmwareqcs6490fastconnect_6200_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformaqt1000Snapdragon
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21105
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 5.36%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 12:10
Updated-31 Jul, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for VMs
CWE ID-CWE-284
Improper Access Control
CVE-2023-52712
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.62%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 06:22
Updated-17 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-curiem-wfg9b_firmwarecuriem-wfg9bCurieM-WFG9B
CWE ID-CWE-284
Improper Access Control
CVE-2025-1865
Matching Score-4
Assigner-cirosec GmbH
ShareView Details
Matching Score-4
Assigner-cirosec GmbH
CVSS Score-8.5||HIGH
EPSS-0.07% / 20.28%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 09:52
Updated-07 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in Virtual CloneDrive Kernel Driver

The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM.

Action-Not Available
Vendor-Elaborate Bytes AG
Product-Virtual CloneDrive
CWE ID-CWE-284
Improper Access Control
CVE-2023-7025
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.08%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 03:00
Updated-24 Apr, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KylinSoft hedron-domain-hook DBus init_kcm access control

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kylinosKylinSoft
Product-hedron-domain-hookhedron-domain-hook
CWE ID-CWE-284
Improper Access Control
CVE-2024-9576
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.06% / 19.07%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 14:28
Updated-12 Nov, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in Linux Workbooth Distro

Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script.

Action-Not Available
Vendor-workbooth_projectLinux Workboothlinux_workbooth
Product-workboothLinux Workboothlinux_workbooth
CWE ID-CWE-284
Improper Access Control
CVE-2024-9157
Matching Score-4
Assigner-Synaptics, Inc.
ShareView Details
Matching Score-4
Assigner-Synaptics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.12%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:28
Updated-11 Mar, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability in CxUIUSvc service

** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.

Action-Not Available
Vendor-Synaptics
Product-Synaptics Audio Driver
CWE ID-CWE-284
Improper Access Control
CVE-2024-7553
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-7.3||HIGH
EPSS-0.24% / 46.96%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 09:57
Updated-19 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Accessing Untrusted Directory May Allow Local Privilege Escalation

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue

Action-Not Available
Vendor-MongoDB, Inc.Microsoft Corporation
Product-windows_server_2016windows_10_1803windows_11_22h2windows_10_1507windows_11_21h2c_driverwindows_10_21h1windows_11_23h2windows_10_1511mongodbwindows_10_21h2windows_10_1809windows_10_1709windows_10_2004php_driverwindows_10_1903windows_10_1909windows_11windows_10_22h2windows_10_20h2windows_server_2022windows_10_1703windows_server_2019windows_10_1607MongoDB PHP DriverMongoDB ServerMongoDB C Driver
CWE ID-CWE-284
Improper Access Control
CVE-2024-53010
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.27%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:52
Updated-28 Nov, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core

Memory corruption may occur while attaching VM when the HLOS retains access to VM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380qcs6490_firmwaresdx80msdx55snapdragon_888_5g_mobile_platform_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmwareqca6310_firmwareqca6688aqqam8650psd670_firmwareqca6420_firmwarewcd9340_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_x72_5g_modem-rf_systemsa6155psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)qamsrv1m_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_8\+_gen_2_mobile_platformsnapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmwareqfw7124_firmwareqcs8550snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwareaqt1000qdx1011snapdragon_8cx_compute_platform_\(sc8180x-ab\)qep8111_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresm7325p_firmwareqam8255p_firmwarevision_intelligence_400_platformsrv1l_firmwaresnapdragon_x50_5g_modem-rf_systemsa8150p_firmwareqcm8550_firmwareqamsrv1h_firmwaresm4635_firmwaresd855wcd9341_firmwaresnapdragon_auto_5g_modem-rf_gen_2sd_8_gen1_5gsnapdragon_845_mobile_platformsnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwareqam8295pssg2115pwcd9385_firmwareqcm6490_firmwaresa7255p_firmwaresnapdragon_x62_5g_modem-rf_systemqep8111qca6391sa8295p_firmwareqca6335_firmwareqca6584au_firmwareqcs6490snapdragon_x72_5g_modem-rf_system_firmwaresd_675_firmwaresnapdragon_x62_5g_modem-rf_system_firmwarewsa8810sc8380xp_firmwareqcm8550snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwarewsa8815sm7315snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmwaresrv1hqcm4490_firmwaresnapdragon_855_mobile_platformqdu1010_firmwarewcd9326_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)snapdragon_778g_5g_mobile_platform_firmwareqca6421_firmwaresnapdragon_x32_5g_modem-rf_system_firmwaresm8550p_firmwareqru1062_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwareqca6574au_firmwaresd_8_gen1_5g_firmwarewcd9378snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)sa8530pqca6595au_firmwaresnapdragon_8_gen_2_mobile_platformqdx1010wcn3980qca6584auqcn6274snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)vision_intelligence_300_platform_firmwaresa8150psnapdragon_ar1_gen_1_platform_\"luna1\"_firmwareqca6797aqqam8650p_firmwareqcn6224_firmwareqca6564asa8155psnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)sa8540p_firmwarewcd9385wcd9380_firmwareqca9377_firmwareqca6574asnapdragon_675_mobile_platformwcd9340snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)qca6436wsa8845_firmwarewcd9341sa7255pqca6426_firmwarefastconnect_6200sd888sg8275p_firmwareqca8337_firmwaresnapdragon_x35_5g_modem-rf_systemwcn3988_firmwaresnapdragon_675_mobile_platform_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmwareqca6698aqsnapdragon_8c_compute_platform_\(sc8180x-ad\)_firmwarewsa8832aqt1000_firmwaresd675_firmwareqdu1210snapdragon_ar1_gen_1_platform_firmwareqsm8350_firmwaresnapdragon_7c\+_gen_3_computeqcn6224snapdragon_ar1_gen_1_platformsnapdragon_670_mobile_platform_firmwaresdx57m_firmwaresnapdragon_x24_lte_modemwcd9370qca8081_firmwareqcc710_firmwareqca6698aq_firmwarefastconnect_6800qca6574a_firmwarewsa8832_firmwaresa8650psxr2230p_firmwareqca6678aq_firmwareqsm8350sm7250psm8550pwcd9378_firmwareqca6431_firmwareqcn9274_firmwareqcs5430ssg2115p_firmwaresm7315_firmwarewsa8845h_firmwarewcd9395_firmwaresd670snapdragon_x35_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqca6678aqsa9000pwsa8835_firmwaresa8295psnapdragon_888_5g_mobile_platformwcd9390ar8035sc8380xpqdx1011_firmwaresa8775p_firmwaresdx55_firmwarewcn3988qam8775psa8540pqca6696_firmwarevision_intelligence_300_platformvision_intelligence_400_platform_firmwareqca6797aq_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6564au_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmwaresa8650p_firmwaresnapdragon_678_mobile_platform_\(sm6150-ac\)qcn9011_firmwarerobotics_rb3_platform_firmwareqcs4490_firmwaresxr2250p_firmwaresnapdragon_780g_5g_mobile_platformsrv1mqcn9012_firmwarewcd9395sxr2250pqcn9012qcm4490qru1052sxr2330p_firmwarewsa8810_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwareqdu1210_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)qdu1110_firmwarewsa8840snapdragon_778g_5g_mobile_platformsxr1230pqdu1110qca9377wsa8840_firmwarefastconnect_6700_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresa8155_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmwareqdu1000fastconnect_6700sm7250p_firmwarewcn3950_firmwareqca6696wcn3980_firmwareqcm5430_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\)sxr2330pqcs8550_firmwarewsa8845hqca6426qdx1010_firmwareqca6310snapdragon_780g_5g_mobile_platform_firmwaresdx57mqcn9011snapdragon_8\+_gen_1_mobile_platformssg2125p_firmwareqcn9274snapdragon_865_5g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)qam8295p_firmwaresnapdragon_x32_5g_modem-rf_systemsm7325pqcs9100qfw7114wcd9326snapdragon_4_gen_2_mobile_platformsnapdragon_x55_5g_modem-rf_systemqca6421wcd9370_firmwaresnapdragon_855_mobile_platform_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_8_gen_1_mobile_platformar8035_firmwaresrv1lwsa8845qdu1010sdx80m_firmwaresnapdragon_865_5g_mobile_platform_firmwaresa8155qamsrv1hqru1062snapdragon_845_mobile_platform_firmwareqca6574snapdragon_xr2_5g_platformwcn6740_firmwaresa8255p_firmwaresa6155sxr1230p_firmwaresd855_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)sg8275psnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"fastconnect_7800_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)qru1052_firmwaresd675snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwaresa7775psnapdragon_8c_compute_platform_\(sc8180xp-ad\)sxr2230psa8620p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_850_mobile_compute_platform_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)sa8770psrv1m_firmwarewcd9375qca6574_firmwaresnapdragon_x24_lte_modem_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqcs4490sa8620psnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)sa6145p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqca6430qca6595_firmwareqam8775p_firmwareqca6391_firmwareqdu1000_firmwaresd_8cx_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmwaresnapdragon_x65_5g_modem-rf_systemwcn6740qca8081snapdragon_8_gen_3_mobile_platformqca6688aq_firmwaresd888_firmwaresnapdragon_850_mobile_compute_platformsa6155_firmwaresa7775p_firmwaresnapdragon_x75_5g_modem-rf_systemsa8775pwsa8815_firmwaresa9000p_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcd9390_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)fastconnect_6900qam8255pvideo_collaboration_vc3_platformqcn6274_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)qca6431fastconnect_6200_firmwarewsa8835sd_8cxsd865_5gfastconnect_6800_firmwarewcd9375_firmwarerobotics_rb3_platformqca6564auqam8620pqca6595auqcc710snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresa6155p_firmwaressg2125pqamsrv1mwcn3950sxr2130_firmwaresrv1h_firmwarefastconnect_7800qfw7124sd_675sa6145psnapdragon_ar2_gen_1_platform_firmwareqcm5430qfw7114_firmwaretalynplusqru1032_firmwaresnapdragon_670_mobile_platformsnapdragon_x50_5g_modem-rf_system_firmwareqcs9100_firmwaresa8530p_firmwaresm4635snapdragon_8_gen_3_mobile_platform_firmwareqca6174a_firmwareqca6564a_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmwareqca6174aqca6335qru1032qca8337snapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)wcn3990_firmwaretalynplus_firmwareqam8620p_firmwarewsa8830wcn3990wsa8830_firmwareqca6574auqca6430_firmwaresa8155p_firmwareqcs5430_firmwaresa8770p_firmwaresnapdragon_678_mobile_platform_\(sm6150-ac\)_firmwareqcm6490qca6420snapdragon_xr2_5g_platform_firmwaresd865_5g_firmwareqca6436_firmwareqca6595sxr2130sa8255pSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2024-49600
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 14:56
Updated-04 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2024-49842
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.41%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Hypervisor

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresdm429w_firmwareqcm8550_firmwarerobotics_rb3sd865_5gqca6595sm8735wcd9370qca8081_firmwaresnapdragon_670_mobileqca6696qam8620p_firmwarewcn7880_firmwarewcd9340_firmwarewcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwarewcn7750qcc710_firmwareqca6426fastconnect_6700snapdragon_x50_5g_modem-rf_firmwarewsa8832_firmwaresnapdragon_wear_4100\+_firmwareqca8337qdu1110qca6426_firmwarewcd9395sc8180xp-aaabqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pwcd9341qca6574auwcd9390snapdragon_888\+_5g_mobile_firmwaresa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresc8180xp-acafsrv1hsnapdragon_850_mobile_computewcn3660b_firmwareqcs9100sdx80mfastconnect_6800_firmwareqcs5430wcn7860qcm5430qcm5430_firmwaresa8770psnapdragon_678_mobile_firmwaressg2115pqcc710snapdragon_x32_5g_modem-rf_firmwaresnapdragon_xr2_5g_firmwaresa8540pqsm8350_firmwaresnapdragon_wear_4100\+fastconnect_6900qru1032_firmwareqep8111sa7255pqfw7114wcd9385_firmwareqca6421qca6310qam8255p_firmwaresa8155_firmwareqca6335snapdragon_x65_5g_modem-rfwsa8845sa6155pqca6421_firmwaresc8180x-adqca6564au_firmwaresnapdragon_429_mobile_firmwarewsa8810qam8650pqdu1000_firmwaresa9000psrv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobileqdu1010wcd9326_firmwaresa6155p_firmwaresnapdragon_845_mobile_firmwarewsa8840snapdragon_ar1_gen_1srv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwareqdu1210_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwaresm8750psnapdragon_x55_5g_modem-rf_firmwaresnapdragon_x62_5g_modem-rf_firmwareqmp1000qca6420wcd9370_firmwareqdu1110_firmwareqdu1000wcn3660bqca6574asnapdragon_x72_5g_modem-rf_firmwaresa7255p_firmwarewcn3620_firmwareqca6174awcd9340qdu1210snapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sa8540p_firmwareqcm8550snapdragon_765_5g_mobile_firmwareqcn9274vision_intelligence_300_firmwaresa8775pqca6574sd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresa8775p_firmwareqamsrv1hsdx57mwsa8845hwcd9326sa8155p_firmwareqca6564asa8155psnapdragon_765g_5g_mobile_firmwarewsa8830sa6145psnapdragon_768g_5g_mobile_firmwaresa8255p_firmwarear8035qamsrv1m_firmwarewcn7750_firmwaresa8650p_firmwaresa6155wcn3620srv1l_firmwareqcs9100_firmwaresnapdragon_865\+_5g_mobile_firmwareqcn6224snapdragon_429_mobileqca6698aqwcn3950_firmwaresa7775p_firmwaressg2125p_firmwarefastconnect_6200sd670wcn3680bsc8180x-acaf_firmwarewcd9378qdx1011sa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobileqcs6490sc8180xp-acaf_firmwarefastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwarewsa8845_firmwarewsa8832wcd9378_firmwaresdx57m_firmwaresrv1lsxr2130_firmwaresrv1mqca6678aqsnapdragon_860_mobile_firmwaresnapdragon_x35_5g_modem-rfar8035_firmwaresc8180xp-aaab_firmwarewcn7860_firmwaresc8380xpsnapdragon_x62_5g_modem-rfqca6564ausc8180xp-adsc8280xp-abbbwsa8815_firmwareqca8337_firmwareqca9377_firmwareqcm6490_firmwaresm7250p_firmwareqru1032vision_intelligence_400_firmwarewcn3950snapdragon_870_5g_mobile_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresnapdragon_678_mobilesm7250psc8180x-acafsa8155sd_8cx_firmwaresc8180x-ad_firmwareqca6584auqcn6274_firmwareqru1062_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareqru1062qca6310_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwareqmp1000_firmwaresnapdragon_xr2_5gwcn7880sa8150psxr2330psnapdragon_x24_lte_modemsc8180x-aaabsxr1230psc8180x-aaab_firmwarewcn7881video_collaboration_vc3_platformaqt1000qca6688aqqam8295p_firmwaresd855qca6431_firmwarewcn3990_firmwareqca6698aq_firmwareqca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqsm8350snapdragon_8_gen_1_mobilesa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_865\+_5g_mobileqep8111_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobileqdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresm8750_firmwaresdx55_firmwaressg2125pqru1052sxr2130snapdragon_x65_5g_modem-rf_firmwareqamsrv1mqca6174a_firmwarewcn7861_firmwarewcn7861snapdragon_x50_5g_modem-rfqam8650p_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wqam8620psd855_firmwarewcn3980_firmwareqca6436qca6584au_firmwareqcn6274snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqfw7124qca6595au_firmwareqdu1010_firmwareqcs8300_firmwareqca6696_firmwareqcs8300wcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqam8775pqca9377snapdragon_ar2_gen_1_firmwareqca6797aqsnapdragon_x75_5g_modem-rfsa8620pqca6574a_firmwaresdx55snapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675sd_8_gen1_5g_firmwarewcd9375_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwareqcn9274_firmwareqcs5430_firmwaresnapdragon_x32_5g_modem-rfqru1052_firmwaresa8770p_firmwaresa8295pqcs8550sm8735_firmwaresc8280xp-abbb_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwarewcd9375qca6688aq_firmwarevision_intelligence_300snapdragon_ar2_gen_1snapdragon_765g_5g_mobileqamsrv1h_firmwaresd_675wsa8835_firmwaresdx80m_firmwaresd_8cxssg2115p_firmwarevision_intelligence_400wcn3980qdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2024-45334
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.57%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 18:27
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-antivirus_oneTrend Micro Antivirus Oneantivirus_one
CWE ID-CWE-284
Improper Access Control
CVE-2024-43492
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.95%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-284
Improper Access Control
CVE-2024-43530
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.62% / 69.65%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_23h2windows_server_2022windows_11_22h2windows_10_22h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 22H3
CWE ID-CWE-284
Improper Access Control
CVE-2024-43503
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.62% / 69.44%
||
7 Day CHG-0.11%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft SharePoint Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-284
Improper Access Control
CVE-2024-43590
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 67.12%
||
7 Day CHG-0.09%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017visual_studio_2022Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10Visual C++ Redistributable InstallerMicrosoft Visual Studio 2022 version 17.11
CWE ID-CWE-284
Improper Access Control
CVE-2021-42029
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507ssimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1512sp-1simatic_s7-1500_cpusimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_1512spf-1simatic_s7-1500_cpu_1518-4_pnsimatic_s7-1500_cpu_1513-1simatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1500_cpu_1511-1_pnsimatic_step_7simatic_s7-1500_cpu_1518hf-4simatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512csimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1508s_fsimatic_s7-1200_cpusimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1200_cpu_1214csimatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1511t-1simatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515tf-2simatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1500_cpu_1507s_fsimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1500_cpu_1518simatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1518tf-4simatic_s7-1500_cpu_1518t-4SIMATIC STEP 7 (TIA Portal) V17SIMATIC STEP 7 (TIA Portal) V16SIMATIC STEP 7 (TIA Portal) V15
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found