Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-7301

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Jan, 2020 | 17:23
Updated At-06 Aug, 2024 | 12:47
Rejected At-
Credits

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Jan, 2020 | 17:23
Updated At:06 Aug, 2024 | 12:47
Rejected At:
▼CVE Numbering Authority (CNA)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html
x_refsource_MISC
https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/
x_refsource_MISC
Hyperlink: https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html
Resource:
x_refsource_MISC
Hyperlink: https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html
x_refsource_MISC
x_transferred
https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/
x_refsource_MISC
x_transferred
Hyperlink: https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Jan, 2020 | 18:15
Updated At:04 Feb, 2020 | 14:24

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
HP Inc.
hp
>>sgi_tempo>>-
cpe:2.3:a:hp:sgi_tempo:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/cve@mitre.org
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

207Records found
CVE-2014-7302
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

Action-Not Available
Vendor-n/aHP Inc.
Product-sgi_tempon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2014-7303
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.87%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.

Action-Not Available
Vendor-n/aHP Inc.
Product-sgi_tempon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-23454
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:35
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-23453
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:34
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-1038
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 20:38
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

Action-Not Available
Vendor-HP Inc.
Product-laptop_17-by0xxxomen_15-ax0xxlaptop_15q-dy1xxxenvy_laptop_17m-ae0xxenvy_x360_convertible_pc_15m-bp1xxnotebook_pc_15-be1xx250_g6_notebook_pcenvy_laptop_17m-bw0xxxomen_15-ax1xxnotebook_14-au0xxprobook_640_g3laptop_14s-dy0xxxprodesk_600_g3_microtower_pcnotebook_14-aq1xxomen_17-an1xxconvertible_x360_11-ab1xxstream_11_pro_g3_notebook_pcengage_one_aio_systempavilion_x360_convertible_11m-ad1xxelitebook_850_g3prodesk_480_g5_microtower_pcelitedesk_800_g4_sffspectre_x360_convertible_15-ap0xxnotebook_15-bf1xxlaptop_14-bw0xxstream_laptop_11-y1xxlaptop_14q-bu1xxprobook_455_g6pavilion_x360_convertible_15-dq0xxxpavilion_notebook_17-ab3xxlaptop_15g-dx0xxxomen_17-an0xxlaptop_15s-fy0xxxprobook_650_g2zbook_17_g4envy_notebook_17-u1xxconvertible_x360_11-ab0xxpavilion_laptop_14-ce1xxxlaptop_15-dy0xxxzbook_15_g3laptop_14q-cy0xxxpavilion_x360_convertible_14-cc0xxspectre_x360_convertible_15-bl1xxlaptop_14-bp1xxlaptop_14-cf0xxxpavilion_laptop_14-bk0xxx360_310_g2_convertible_pcelitebook_840r_g4elitedesk_705_g2_mt_sffspectre_x360_convertible_13-w0xxprodesk_400_g4_microtowerlaptop_15-di0xxxlaptop_15-bs5xxenvy_notebook_17-s1xxlaptop_14s-cr0xxxpavilion_gaming_laptop_15-cx0xxxeliteone_800_g2pavilion_x360_convertible_14q-dh0xxxenvy_laptop_13-ah0xxxprobook_450_g3envy_x360_convertible_m6-ar0xxpavilion_laptop_15-cc7xxprobook_470_g4stream_14_pro_notebook_pcnotebook_14-ar0xxprodesk_600_g2_dmelitebook_725_g4laptop_14s-dk0xxxpavilion_15-bc000_notebook_pc_series_\(touch\)290_g1_microtower_pclaptop_15-db0xxxpavilion_x360_convertible_11-ad1xxprodesk_480_g4_microtower_pcpavilion_gaming_laptop_15-dk0xxxproone_440_g4zbook_15u_g3envy_x360_convertible_13-y0xxlaptop_15q-bu1xxpavilion_x360_convertible_15-br0xxzhan_66_pro_15_g2laptop_14-bs1xxpavilion_14_g1_notebook_pcpavilion_x360_convertible_14m-dh0xxxlaptop_14s-dm0xxxlaptop_14s-bc1xxproone_600_g2laptop_14s-dr0xxxelitedesk_800_g2_sffnotebook_17-x1xxpavilion_x360_convertible_14q-cd1xxxprodesk_400_g5_microtowerenvy_x360_convertible_15-w2xxelitebook_745_g5notebook_14-as0xxlaptop_15g-dr0xxxomen_17-cb0xxxlaptop_17-ak0xxenvy_x360_convertible_pc_15m-bp0xxprobook_430_g4laptop_14g-cr0xxxnotebook_17-ad1xxpavilion_notebook_17-ab0xxlaptop_15g-br0xxpavilion_x360_convertible_14m-ba1xxelitebook_755_g5envy_notebook_15-as1xxlaptop_14q-cy1xxxstream_14-ax000_laptop_pcstream_11_pro_g4pavilion_x360_convertible_11-u1xx15-f200_notebook_pc_touchprobook_440_g3laptop_15-bs1xxnotebook_14-an0xxlaptop_14s-bc0xxpavilion_x360_convertible_15-bk1xxnotebook_14-am1xxenvy_x360_convertible_15m-dr0xxxpro_tablet_608_g1notebook_15-f3xxnotebook_14-ar1xxlaptop_15-ra0xxzbook_14u_g4pro_x2_612_g2260_g3_desktop_minilaptop_14s-bp0xxpavilion_x360_convertible_m1-u0xxprodesk_680_g2_microtower_pcelitedesk_800_65w_g2_desktop_mini_pcpavilion_x360_convertible_14-cc1xxzhan_99_g1_mobile_workstationeliteone_1000_g2pavilion_15-bc000_notebook_pc_seriesenvy_x360_convertible_15m-cn0xxxpavilion_laptop_14-bf0xxlaptop_15g-bx0xxnotebook_14-aq0xxpavilion_notebook_15-bc3xxprobook_430_g3probook_11_g2250_g5_notebook_pc260_g3_desktop_mini_pcspectre_x2_detachable_12-c0xxprodesk_400_g3_sfflaptop_14g-br1xxlaptop_15s-dr0xxxlaptop_15-bs2xxnotebook_15-bg1xxelitebook_725_g3elitebook_1030_g1envy_laptop_17m-ce0xxxpavilion_laptop_15-cs0xxxpavilion_laptop_17-ar0xxenvy_x360_convertible_15-aq1xxprodesk_400_g3_dmspectre_folio_convertible_13-ak0xxxprodesk_600_g3_desktop_minipavilion_laptop_15-ck0xx280_g3_pci_microtower_pcelitedesk_800_g3_sff255_g7_notebook_pcelitebook_745_g4probook_650_g3envy_laptop_17-ce0xxxelitebook_revolve_810_g3elitebook_846_g5pavilion_notebook_15-dp0xxx255_g5_notebook_pcnotebook_15-ba0xxlaptop_14-di0xxxelitebook_1050_g1laptop_14-dk0xxxspectre_pro_x360_g2_convertible_pcelitedesk_800_35w_g2_desktop_mini_pclaptop_17-ca0xxxpavilion_x360_14_g1_convertible_pcenvy_x360_convertible_15-bq0xx255_g6_notebook_pcpavilion_laptop_15-cs1xxxlaptop_14-di1xxxpavilion_laptop_14-ce0xxxzbook_17_g2notebook_17-x0xx240_g5_notebook_pcprobook_455_g3probook_655_g2vr_backpack_g2zhan_66_pro_a_g1spectre_x360_convertible_15-ch0xx288_pro_g3_microtower_pcelitedesk_880_g4_tower_pcelitebook_840_g5_healthcare_editionlaptop_15-dw0xxxpavilion_x360_convertible_11m-ad0xxstream_laptop_11-ak0xxxelitebook_830_g5zbook_15_g2laptop_14-cm1xxxenvy_x360_convertible_15-cn0xxxlaptop_14s-be0xxzbook_studio_g4probook_446_g3envy_laptop_17m-ae1xxlaptop_14q-bu0xxlaptop_14s-cs1xxxomen_15-dc0xxxspectre_x360_convertible_15-df0xxxlaptop_17g-cr0xxxpavilion_17-ab000_notebook_pc_series_\(touch\)laptop_17-by1xxxelitedesk_800_65w_g3_desktop_mini_pcelitedesk_705_g4_microtower_pcspectre_laptop_13-af0xxspectre_x360_convertible_13-ap0xxxpavilion_laptop_15-cw1xxxelitebook_1040_g2elitebook_755_g4zbook_15u_g4elitedesk_705_g3_microtower_pcprobook_440_g6laptop_14s-cs0xxxlaptop_15-bw5xxnotebook_pc_15-bd1xxlaptop_17-bs0xxprobook_x360_11_g3_education_editionelitebook_828_g3eliteone_1000_g1envy_x360_convertible_13-ar0xxxpavilion_power_laptop_15-cb0xxpavilion_laptop_14-bf6xxproone_600_g4spectre_notebook_13-v1xxenvy_x360_convertible_pc_15-bp1xxnotebook_pc_15-be0xxlaptop_14-bs0xxlaptop_14-bs5xxenvy_notebook_15-as0xxenvy_x360_convertible_15m-bq1xxlaptop_14s-dp0xxxlaptop_14-ma1xxxenvy_x360_convertible_13m-ar0xxxelitebook_840_g3stream_11_pro_g5_notebook_pcprobook_640_g4probook_645_g3elitebook_840_g4omen_15-dg0xxxpavilion_notebook_14-al1xxpavilion_notebook_17-ab2xxprodesk_600_g2_sffomen_17-w0xxprodesk_600_g3_sffnotebook_pc_15-ay1xxenvy_x360_convertible_15m-cp0xxxlaptop_15-di1xxxpavilion_x360_convertible_14-ba2xxpavilion_laptop_15-cu1xxxprodesk_400_g2_dmelitedesk_800_35w_g3_desktop_mini_pclaptop_14g-cx0xxxeliteone_800_g3pavilion_x360_convertible_11-u0xxpavilion_laptop_15-cc5xxelitedesk_880_g3_tower_pczbook_studio_g5elitebook_840_g5laptop_14s-bp1xxlaptop_15-bs0xxenvy_x360_convertible_15-aq2xxlaptop_14q-bu2xxenvy_laptop_13-ad0xxlaptop_15q-ds0xxxlaptop_14q-cs0xxxprobook_x360_440_g1pavilion_notebook_15-bc4xxelitebook_820_g4laptop_14g-cx1xxxnotebook_15-bg0xxlaptop_15-bw6xxelitebook_850_g5pavilion_x360_convertible_11m-ap0xxxlaptop_15q-by0xxlaptop_15g-br1xxpavilion_x360_convertible_15-br1xxlaptop_14-ck0xxxpavilion_laptop_15-cc0xxenvy_x360_convertible_pc_15-bp000elitebook_848_g3elitebook_x360_1040_g5elitebook_755_g3elitebook_folio_g1pavilion_x360_convertible_15-cr0xxxlaptop_14g-br2xxprobook_650_g4pavilion_x360_convertible_14-ba1xxenvy_x360_convertible_13-ag0xxxlaptop_14-bs2xxenvy_x360_convertible_15m-bq0xxspectre_x360_convertible_13-42xxprodesk_680_g4_microtower_pc\(with_pci_slot\)notebook_17-ac0xxlaptop_17g-br1xxenvy_notebook_13-d1xxzhan_86_pro_g1elite_x2_1013_g3elitebook_x360_1020_g2spectre_x360_convertible_13-ae0xxelitebook_x360_1030_g3envy_x360_convertible_15-dr0xxxzhan_66_pro_13_g2laptop_15-bs6xxenvy_laptop_17-bw0xxxzbook_studio_x360_g5zhan_66_pro_14_g2probook_445_g6elitedesk_800_g3_tower_pcelitedesk_705_g3_desktop_minilaptop_14s-dq0xxxprobook_645_g2notebook_17-ac1xxpavilion_notebook_17-ab4xxprodesk_680_g3_microtower_pczbook_15v_g5_mobile_workstation280_g3_microtower_pcpavilion_notebook_14-al0xxlaptop_14q-by0xxenvy_laptop_13-aq0xxxenvy_x360_convertible_15-ds0xxxprobook_430_g5laptop_15q-dy0xxxelitedesk_800_65w_g4_desktop_mini_pcpavilion_x360_convertible_14-dh0xxxpavilion_notebook_14-av0xxprobook_x360_11_g2laptop_15s-du0xxxnotebook_15-ba1xxnotebook_pc_15-ay0xxelitedesk_800_g2_twrprodesk_400_g4_sffpavilion_notebook_15-au0xxlaptop_17q-cs0xxxspectre_x360_convertible_15-bl0xx340_g5_notebook_pcomen_15-ce0xxlaptop_15g-dx1xxxomen_17-ap0xxelitebook_828_g4elitebook_850_g4pavilion_x360_convertible_14m-ba0xxelitebook_x360_1030_g2engage_go_mobile_system258_g7_notebook_pcenvy_x360_convertible_15-cp0xxxenvy_x2_detachable_12-g0xxlaptop_15-bs7xxlaptop_14-dq0xxxenvy_laptop_13-ah1xxxlaptop_17-bs1xxlaptop_14s-be1xxelitebook_820_g3pavilion_x360_convertible_14-ba0xxlaptop_15-ra1xxelite_x2_1012_g2pavilion_laptop_14-ce2xxxspectre_laptop_13-af1xxenvy_laptop_17-ae0xxpavilion_x360_convertible_13-u0xxpavilion_gaming_laptop_17-cd0xxxlaptop_14-cf1xxxzhan_66_pro_g1envy_notebook_17-u2xxelitebook_836_g5pavilion_notebook_15-au1xxprodesk_400_g4_dmproone_400_g2laptop_17q-bu1xxlaptop_17-ca1xxxnotebook_14-am0xxpavilion_x360_convertible_m1-u1xxomen_15-ax2xxenvy_x360_convertible_15-bq1xxpavilion_x360_convertible_14q-cd0xxxlaptop_14s-cr1xxxprobook_455_g4probook_450_g4laptop_17g-cr1xxxlaptop_14g-br0xxenvy_x360_convertible_13m-ag0xxxlaptop_15q-ds1xxxlaptop_14g-cr1xxxeliteone_800_g4omen_17-w1xxprobook_470_g5pavilion_x360_convertible_11-ad0xxomen_15-ce1xxpavilion_laptop_15-cu0xxxlaptop_15-db1xxxlaptop_14-cm0xxxenvy_x360_convertible_15-bq2xxlaptop_17g-br0xxnotebook_pc_15-ay5xxlaptop_15s-fq0xxxpro_x2_612_g1laptop_15-da0xxxlaptop_14q-cs1xxxnotebook_17-y0xxpavilion_laptop_15-cc6xxelitedesk_880_g2_tower_pcpavilion_15-bc500_laptopprobook_655_g3elitedesk_800_g4_tower_pcnotebook_15-bf0xxpavilion_notebook_17-g2xxlaptop_14-bs6xxpavilion_laptop_14-bf1xxenvy_x360_convertible_15-aq0xxproone_600_g3laptop_15s-dy0xxxlaptop_15-da1xxxpavilion_x360_convertible_m3-s000pavilion_laptop_15-cs2xxxpavilion_x360_convertible_11-ap0xxxlaptop_15s-fr0xxxlaptop_14-ma0xxxlaptop_15-bw0xxpavilion_notebook_15-aw1xxenvy_x360_convertible_15m-ds0xxxpavilion_laptop_15-cc1xxprobook_645_g4laptop_15g-dr1xxxpavilion_laptop_15-cd0xxprobook_x360_11_g1zbook_15_g5notebook_pc_15-bd0xx240_g6_notebook_pcprobook_450_g5pavilion_notebook_15-bc2xxenvy_laptop_17-ae1xx240_g7_notebook_pcpavilion_laptop_14-bk1xxomen_15-dh0xxxelitebook_1040_g4elitebook_735_g5notebook_17-ad0xxprodesk_600_g2_microtower_pcelitedesk_705_g3_sff_pcpavilion_x360_convertible_15-bk0xxprobook_470_g3laptop_17q-cs1xxxenvy_x360_convertible_15-ar0xxenvy_x360_convertible_15-cn1xxxengage_flex_pro-c_retail_systempavilion_x360_convertible_13-u1xxspectre_x360_convertible_13-ac0xxspectre_pro_13_g1_notebook_pcpavilion_laptop_15-cw0xxxelitebook_848_g4omen_17-w2xxprobook_640_g2pavilion_laptop_13-an0xxxprobook_440_g5probook_430_g6laptop_17q-bu0xxlaptop_14s-cf0xxx245_g6_notebook_pcstream_11_pro_g4_notebook_pcelite_x2_1012_g1laptop_14-bp0xxlaptop_14s-cf1xxxprobook_440_g4probook_450_g6pavilion_notebook_17-g1xxproone_480_g3zbook_15_g4245_g7_notebook_pcenvy_laptop_13-ad1xxlaptop_14-ck1xxxjumpstartlaptop_15q-bu0xxlaptop_14g-bx0xxspectre_notebook_13-v0xxHP Jumpstart
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-12287
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:11
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-distribution_of_openvino_toolkitIntel(R) Distribution of OpenVINO(TM) Toolkit Advisory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 06:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.

Action-Not Available
Vendor-automoxn/aMicrosoft Corporation
Product-windowsautomoxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.54% / 81.16%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 06:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.

Action-Not Available
Vendor-automoxn/aMicrosoft Corporation
Product-windowsautomoxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-12346
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:56
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-battery_life_diagnostic_toolIntel(R) Battery Life Diagnostic Tool
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-12307
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:13
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-high_definition_audio_driverIntel(R) High Definition Audio drivers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 24.76%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 19:57
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

Action-Not Available
Vendor-n/aPhoenix Contact GmbH & Co. KG
Product-pc_worx_srtn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.07%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 16:21
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-ux582lrux582lr_firmwaren/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10606
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 22:55
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment.

Action-Not Available
Vendor-osisoftn/a
Product-pi_data_collection_managerpi_data_archivepi_integratorpi_connector_relaypi_interface_configuration_utilitypi_to_ocspi_apipi_buffer_subsystempi_connectorOSIsoft PI System multiple products and versions
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42011
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.13%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0560
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 16:41
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-renesas_electronics_usb_3.0_driverIntel(R) Renesas Electronics(R) USB 3.0 Driver
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0235
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.60%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx4200junossrx4100srx1500srx5000srx4600Junos OS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0547
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 16:58
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_migrationIntel(R) Data Migration Software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0514
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 19:59
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Drivers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0562
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.20%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 18:21
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_console_2Intel(R) RWC2
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-38420
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.56%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 19:05
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dialinkDIALink
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0508
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 19:58
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Drivers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-9450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.50%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 11:08
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_image_2020n/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3579
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 13:50
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.

Action-Not Available
Vendor-Bitdefender
Product-total_securityendpoint_security_toolsENdpoint Security Tools for WindowsTotal Security
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-34395
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-3.9||LOW
EPSS-0.05% / 14.49%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3462
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.63%
||
7 Day CHG-0.07%
Published-13 Apr, 2021 | 20:41
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l15_gen_1thinkpad_x13_yoga_gen_1thinkpad_a275thinkpad_e15thinkpad_x1_yoga_gen_2thinkpad_p17_gen_1thinkpad_x380_yogathinkpad_a485thinkpad_25thinkpad_s2_yoga_gen_5thinkpad_e490thinkpad_s2_gen_2thinkpad_p53sthinkpad_t480sthinkpad_t570thinkpad_s1_gen_4thinkpad_x13_yoga_gen_2thinkpad_t14s_gen_1thinkpad_t490thinkpad_p51sthinkpad_e14_gen2thinkpad_t590thinkpad_x390_yogathinkpad_p53thinkpad_x13_gen_2ithinkpad_e575thinkpad_r14_gen_2thinkpad_e14thinkpad_x1_yoga_gen_6thinkpad_e570thinkpad_l590thinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_carbon_gen_5thinkpad_p14s_gen_1thinkpad_p52thinkpad_p43sthinkpad_a475thinkpad_l480thinkpad_e475power_management_driverthinkpad_x1_titanium_gen_1thinkpad_s5_gen_2thinkpad_e15_gen2thinkpad_t14_gen_2thinkpad_x1_yoga_gen_4thinkpad_13_gen_2thinkpad_e495thinkpad_s2_yoga_gen_6thinkpad_x1_carbon_gen_8thinkpad_x270thinkpad_l580thinkpad_a285thinkpad_e580thinkpad_p1_gen_3thinkpad_p1thinkpad_l14_gen_2thinkpad_x1_tablet_gen_2thinkpad_l13_gen_2thinkpad_x280thinkpad_p71thinkpad_t15_gen_1thinkpad_x390thinkpad_s3_gen_2thinkpad_p1_gen_2thinkpad_t15g_gen_1thinkpad_x1_yoga_gen_3thinkpad_11e_yoga_gen_6thinkpad_r14thinkpad_yoga_370thinkpad_l470thinkpad_x1_carbon_gen_7thinkpad_x395thinkpad_l15_gen_2thinkpad_t470thinkpad_p15v_gen_1thinkpad_l390thinkpad_e570cthinkpad_l380thinkpad_t580thinkpad_l14_gen_1thinkpad_l390_yogathinkpad_r480thinkpad_x1_extremethinkpad_e480thinkpad_l490thinkpad_11e_gen_5thinkpad_l380_yogathinkpad_p51thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_t15p_gen_1thinkpad_s2_gen_5thinkpad_x1_tablet_gen_3thinkpad_x1_extreme_gen_3thinkpad_l13_yoga_gen_1thinkpad_e590thinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_t15_gen_2thinkpad_t470pthinkpad_x12thinkpad_l13_gen_1thinkpad_x13_gen_1thinkpad_t14s_gen_2ithinkpad_e470cthinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_e595thinkpad_x1_carbon_gen_9thinkpad_t495thinkpad_p14s_gen_2thinkpad_l13_yogathinkpad_p15s_gen_2thinkpad_p15_gen_1thinkpad_t480thinkpad_p15s_gen_1thinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_x1_carbon_gen_6thinkpad_yoga_11e_gen_5thinkpad_x1_yoga_gen_5Power Management Driver for Windows 10
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-33062
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:10
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-vtune_profilerIntel(R) VTune(TM) Profiler
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-33071
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:03
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_rendering_toolkitIntel(R) oneAPI Rendering Toolkit
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-33129
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-advisorIntel(R) Advisor
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-31822
Matching Score-4
Assigner-Octopus Deploy
ShareView Details
Matching Score-4
Assigner-Octopus Deploy
CVSS Score-7.8||HIGH
EPSS-0.09% / 24.76%
||
7 Day CHG~0.00%
Published-24 Nov, 2021 | 00:35
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.

Action-Not Available
Vendor-Linux Kernel Organization, IncOctopus Deploy Pty. Ltd.
Product-tentaclelinux_kernelOctopus Tentacle
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-7794
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.

Action-Not Available
Vendor-Mozilla CorporationLinux Kernel Organization, Inc
Product-firefoxlinux_kernelFirefox
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8701
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.29%
||
7 Day CHG-0.00%
Published-17 Feb, 2021 | 13:39
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-solid-state_drive_toolboxIntel(R) SSD Toolbox versions
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-2173
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:14
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-25355
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.32%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:13
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-25381
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:40
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidaccountSamsung Account
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2004-1778
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-03 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.

Action-Not Available
Vendor-skypen/a
Product-skypen/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2001-0497
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.06%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.
Product-bindn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-22817
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

Action-Not Available
Vendor-n/a
Product-hmibmuhi29d2801_firmwarehmibmphi74d4801_firmwarehmibmp0i74di00a_firmwarehmibmp0i74d2001hmibmuhi29d4801hmibmu0i29d4001hmibmusi29d4801_firmwarehmibmiea5dd1001hmibmuci29d2w01_firmwarehmibmp0i74d4001hmibmiea5dd100ahmibmu0i29d2001_firmwarehmibmphi74d4801hmibmu0i29de00a_firmwarehmibmo0a5ddf101_firmwarehmibmoma5ddf10l_firmwarehmibmoma5dd1e01hmibmu0i29d200a_firmwarehmibmp0i74d400ahmibmiea5dd1e01_firmwarehmibscea53d1l01_firmwarevijeo_designerhmibmp0i74d2001_firmwarehmibmu0i29di00a_firmwarehmibmoma5dd1e01_firmwarehmibmuci29d2w01hmibmu0i29di00ahmibmp0i74di00ahmibmuci29d4w01_firmwarehmibscea53d1l01hmibmu0i29de00ahmibmiea5dd100a_firmwarehmibscea53d1l0ahmibmu0i29d200ahmibscea53d1l0a_firmwarehmibmu0i29d400a_firmwarehmibmpsi74d4801_firmwarehmibmo0a5ddf10ahmibmpsi74d4801hmibmo0a5dd1001hmibmphi74d2801_firmwarehmibmp0i74de00a_firmwarehmibmp0i74de00ahmibmusi29d2801hmibmu0i29d2001hmibmo0a5ddf10a_firmwarehmibmuhi29d4801_firmwarehmibmiea5dd1e01hmibmusi29d4801hmibmusi29d2801_firmwarehmibmiea5dd1001_firmwarehmibmpsi74d2801hmibmiea5dd1101_firmwarehmibmuci29d4w01hmibmiea5dd1101hmibmp0i74d200ahmibmiea5dd110lhmibmp0i74d4001_firmwarehmibscea53d1l0t_firmwarehmibmp0i74d200a_firmwarehmibmoma5ddf10lhmibmu0i29d4001_firmwarehmibmphi74d2801hmibmoma5dd1101_firmwarehmibmo0a5dd1001_firmwarehmibscea53d1l0thmibmo0a5ddf101hmibmiea5dd110l_firmwarehmibmp0i74d400a_firmwarehmibmoma5dd1101hmibmu0i29d400ahmibmpsi74d2801_firmwarehmibmuhi29d2801Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-14737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.96%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 18:15
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.

Action-Not Available
Vendor-ubisoftn/a
Product-uplayn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 15.04%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 15:28
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection).

Action-Not Available
Vendor-gigadevicen/a
Product-gd32f130gd32f130_firmwaren/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-17365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.15%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 21:19
Updated-15 Jan, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.

Action-Not Available
Vendor-nixosn/a
Product-nixn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-1033
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185247656

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-1000
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185190688

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0486
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.66%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 13:43
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-171430330

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0246
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3: In a multi-tenant environment, a tenant host administrator may be able to jailbreak out of their network impacting other tenant networks or gather information from other networks.

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5400srx5800srx4200srx5600junossrx4100srx4600srx1500Junos OS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0065
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:19
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ac_8265ac_9462ac_3165_firmwareac_9560_firmwareac_8265_firmwareax200ac_3165ac_9461ac_8260ac_9260ac_9461_firmware9260_firmwareac_3168ac_9462_firmwareac_9560ax200_firmware7265_firmwareac_3168_firmwareax201ax210_firmwareax201_firmwareac_9260_firmwareac_8260_firmwareax2107265Intel(R) PROSet/Wireless WiFi software installer for Windows 10
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0143
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-17 Jun, 2021 | 11:12
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-brand_verification_toolIntel(R) Brand Verification Tool
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0058
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 19:05
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-lapbc510_firmwarelapbc510lapbc710lapbc710_firmwareIntel(R) NUC M15 Laptop Kit Driver Pack software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-17043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 16:51
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution.

Action-Not Available
Vendor-bmcn/a
Product-patrol_agentn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0106
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG-0.00%
Published-09 Jun, 2021 | 19:13
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_6246rxeon_platinum_8276lxeon_platinum_8358xeon_platinum_9222xeon_gold_5315yxeon_gold_5217xeon_gold_6230txeon_platinum_8362xeon_gold_6230nxeon_platinum_8354hxeon_gold_5218nxeon_gold_6338xeon_silver_4309yxeon_platinum_8352yxeon_platinum_8368xeon_gold_5220xeon_gold_6246xeon_silver_4214rxeon_gold_6326xeon_gold_6254xeon_silver_4310txeon_gold_6269yxeon_gold_6240yxeon_gold_6234xeon_platinum_8380xeon_gold_6238rxeon_silver_4316xeon_platinum_8351nxeon_gold_6208uxeon_platinum_8268xeon_gold_5215xeon_platinum_8352vxeon_gold_6336yxeon_gold_6262vxeon_gold_5222xeon_gold_5218xeon_platinum_8284xeon_silver_4209txeon_platinum_8380hxeon_gold_5215lxeon_platinum_8360hlxeon_silver_4215rxeon_gold_6252nxeon_platinum_9221xeon_platinum_8376hxeon_gold_6244xeon_gold_6330xeon_silver_4210txeon_platinum_8321hcxeon_gold_6248xeon_gold_6212uxeon_gold_6314uxeon_platinum_8280xeon_gold_6248rxeon_gold_6354xeon_gold_6258rxeon_gold_6240xeon_gold_6238lxeon_platinum_8352mxeon_gold_6240lxeon_gold_6250xeon_platinum_8353hxeon_platinum_8256xeon_gold_6348hxeon_gold_6262xeon_gold_6330hxeon_gold_5219yxeon_gold_6222vxeon_gold_5318hxeon_platinum_8376hlxeon_gold_6242xeon_gold_5320hxeon_gold_5320xeon_platinum_8360yxeon_platinum_8274xeon_platinum_8260yxeon_platinum_8270xeon_gold_6242rxeon_gold_6338txeon_gold_6346xeon_gold_5218txeon_silver_4215xeon_gold_5220rxeon_gold_5318sxeon_gold_6338nxeon_silver_4214xeon_platinum_8276xeon_platinum_8360hxeon_gold_6238txeon_silver_4210rxeon_gold_6250lxeon_silver_4214yxeon_gold_6210uxeon_gold_6348xeon_gold_6330nxeon_gold_5218bxeon_platinum_8380hlxeon_gold_5318nxeon_platinum_8358pxeon_platinum_8368qxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_gold_6240rxeon_silver_4310xeon_gold_6222xeon_gold_5317xeon_gold_6334ipmctlxeon_platinum_8356hxeon_gold_6209uxeon_gold_6226xeon_gold_6256xeon_gold_6342xeon_gold_6230rxeon_gold_6238xeon_gold_6252xeon_gold_5320txeon_silver_4208xeon_platinum_8260xeon_platinum_8352sxeon_gold_5318yxeon_gold_5218rxeon_bronze_3206rxeon_gold_6226rxeon_gold_6312uxeon_gold_6328hxeon_gold_5220sxeon_platinum_9242xeon_platinum_9282xeon_platinum_8260lxeon_platinum_8280lxeon_bronze_3204xeon_gold_6328hlxeon_silver_4314xeon_gold_5220txeon_silver_4210Intel(R) Optane(TM) DC Persistent Memory for Windows software versions
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-0100
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG-0.00%
Published-09 Jun, 2021 | 19:12
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ssd_data_center_toolIntel(R) SSD Data Center Tool, versions downloaded
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found