Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-13149

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 May, 2020 | 19:39
Updated At-04 Aug, 2024 | 12:11
Rejected At-
Credits

Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 May, 2020 | 19:39
Updated At:04 Aug, 2024 | 12:11
Rejected At:
▼CVE Numbering Authority (CNA)

Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/rishaldwivedi/Public_Disclosure/blob/master/README.md#msi-dragon-center-eop
x_refsource_MISC
Hyperlink: https://github.com/rishaldwivedi/Public_Disclosure/blob/master/README.md#msi-dragon-center-eop
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/rishaldwivedi/Public_Disclosure/blob/master/README.md#msi-dragon-center-eop
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/rishaldwivedi/Public_Disclosure/blob/master/README.md#msi-dragon-center-eop
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 May, 2020 | 20:15
Updated At:20 May, 2020 | 18:47

Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
msi
msi
>>dragon_center>>Versions before 2.6.2003.2401(exclusive)
cpe:2.3:a:msi:dragon_center:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/rishaldwivedi/Public_Disclosure/blob/master/README.md#msi-dragon-center-eopcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/rishaldwivedi/Public_Disclosure/blob/master/README.md#msi-dragon-center-eop
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

385Records found
CVE-2022-1038
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.54%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 20:38
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

Action-Not Available
Vendor-HP Inc.
Product-laptop_17-by0xxxomen_15-ax0xxlaptop_15q-dy1xxxenvy_laptop_17m-ae0xxenvy_x360_convertible_pc_15m-bp1xxnotebook_pc_15-be1xx250_g6_notebook_pcenvy_laptop_17m-bw0xxxomen_15-ax1xxnotebook_14-au0xxprobook_640_g3laptop_14s-dy0xxxprodesk_600_g3_microtower_pcnotebook_14-aq1xxomen_17-an1xxconvertible_x360_11-ab1xxstream_11_pro_g3_notebook_pcengage_one_aio_systempavilion_x360_convertible_11m-ad1xxelitebook_850_g3prodesk_480_g5_microtower_pcelitedesk_800_g4_sffspectre_x360_convertible_15-ap0xxnotebook_15-bf1xxlaptop_14-bw0xxstream_laptop_11-y1xxlaptop_14q-bu1xxprobook_455_g6pavilion_x360_convertible_15-dq0xxxpavilion_notebook_17-ab3xxlaptop_15g-dx0xxxomen_17-an0xxlaptop_15s-fy0xxxprobook_650_g2zbook_17_g4envy_notebook_17-u1xxconvertible_x360_11-ab0xxpavilion_laptop_14-ce1xxxlaptop_15-dy0xxxzbook_15_g3laptop_14q-cy0xxxpavilion_x360_convertible_14-cc0xxspectre_x360_convertible_15-bl1xxlaptop_14-bp1xxlaptop_14-cf0xxxpavilion_laptop_14-bk0xxx360_310_g2_convertible_pcelitebook_840r_g4elitedesk_705_g2_mt_sffspectre_x360_convertible_13-w0xxprodesk_400_g4_microtowerlaptop_15-di0xxxlaptop_15-bs5xxenvy_notebook_17-s1xxlaptop_14s-cr0xxxpavilion_gaming_laptop_15-cx0xxxeliteone_800_g2pavilion_x360_convertible_14q-dh0xxxenvy_laptop_13-ah0xxxprobook_450_g3envy_x360_convertible_m6-ar0xxpavilion_laptop_15-cc7xxprobook_470_g4stream_14_pro_notebook_pcnotebook_14-ar0xxprodesk_600_g2_dmelitebook_725_g4laptop_14s-dk0xxxpavilion_15-bc000_notebook_pc_series_\(touch\)290_g1_microtower_pclaptop_15-db0xxxpavilion_x360_convertible_11-ad1xxprodesk_480_g4_microtower_pcpavilion_gaming_laptop_15-dk0xxxproone_440_g4zbook_15u_g3envy_x360_convertible_13-y0xxlaptop_15q-bu1xxpavilion_x360_convertible_15-br0xxzhan_66_pro_15_g2laptop_14-bs1xxpavilion_14_g1_notebook_pcpavilion_x360_convertible_14m-dh0xxxlaptop_14s-dm0xxxlaptop_14s-bc1xxproone_600_g2laptop_14s-dr0xxxelitedesk_800_g2_sffnotebook_17-x1xxpavilion_x360_convertible_14q-cd1xxxprodesk_400_g5_microtowerenvy_x360_convertible_15-w2xxelitebook_745_g5notebook_14-as0xxlaptop_15g-dr0xxxomen_17-cb0xxxlaptop_17-ak0xxenvy_x360_convertible_pc_15m-bp0xxprobook_430_g4laptop_14g-cr0xxxnotebook_17-ad1xxpavilion_notebook_17-ab0xxlaptop_15g-br0xxpavilion_x360_convertible_14m-ba1xxelitebook_755_g5envy_notebook_15-as1xxlaptop_14q-cy1xxxstream_14-ax000_laptop_pcstream_11_pro_g4pavilion_x360_convertible_11-u1xx15-f200_notebook_pc_touchprobook_440_g3laptop_15-bs1xxnotebook_14-an0xxlaptop_14s-bc0xxpavilion_x360_convertible_15-bk1xxnotebook_14-am1xxenvy_x360_convertible_15m-dr0xxxpro_tablet_608_g1notebook_15-f3xxnotebook_14-ar1xxlaptop_15-ra0xxzbook_14u_g4pro_x2_612_g2260_g3_desktop_minilaptop_14s-bp0xxpavilion_x360_convertible_m1-u0xxprodesk_680_g2_microtower_pcelitedesk_800_65w_g2_desktop_mini_pcpavilion_x360_convertible_14-cc1xxzhan_99_g1_mobile_workstationeliteone_1000_g2pavilion_15-bc000_notebook_pc_seriesenvy_x360_convertible_15m-cn0xxxpavilion_laptop_14-bf0xxlaptop_15g-bx0xxnotebook_14-aq0xxpavilion_notebook_15-bc3xxprobook_430_g3probook_11_g2250_g5_notebook_pc260_g3_desktop_mini_pcspectre_x2_detachable_12-c0xxprodesk_400_g3_sfflaptop_14g-br1xxlaptop_15s-dr0xxxlaptop_15-bs2xxnotebook_15-bg1xxelitebook_725_g3elitebook_1030_g1envy_laptop_17m-ce0xxxpavilion_laptop_15-cs0xxxpavilion_laptop_17-ar0xxenvy_x360_convertible_15-aq1xxprodesk_400_g3_dmspectre_folio_convertible_13-ak0xxxprodesk_600_g3_desktop_minipavilion_laptop_15-ck0xx280_g3_pci_microtower_pcelitedesk_800_g3_sff255_g7_notebook_pcelitebook_745_g4probook_650_g3envy_laptop_17-ce0xxxelitebook_revolve_810_g3elitebook_846_g5pavilion_notebook_15-dp0xxx255_g5_notebook_pcnotebook_15-ba0xxlaptop_14-di0xxxelitebook_1050_g1laptop_14-dk0xxxspectre_pro_x360_g2_convertible_pcelitedesk_800_35w_g2_desktop_mini_pclaptop_17-ca0xxxpavilion_x360_14_g1_convertible_pcenvy_x360_convertible_15-bq0xx255_g6_notebook_pcpavilion_laptop_15-cs1xxxlaptop_14-di1xxxpavilion_laptop_14-ce0xxxzbook_17_g2notebook_17-x0xx240_g5_notebook_pcprobook_455_g3probook_655_g2vr_backpack_g2zhan_66_pro_a_g1spectre_x360_convertible_15-ch0xx288_pro_g3_microtower_pcelitedesk_880_g4_tower_pcelitebook_840_g5_healthcare_editionlaptop_15-dw0xxxpavilion_x360_convertible_11m-ad0xxstream_laptop_11-ak0xxxelitebook_830_g5zbook_15_g2laptop_14-cm1xxxenvy_x360_convertible_15-cn0xxxlaptop_14s-be0xxzbook_studio_g4probook_446_g3envy_laptop_17m-ae1xxlaptop_14q-bu0xxlaptop_14s-cs1xxxomen_15-dc0xxxspectre_x360_convertible_15-df0xxxlaptop_17g-cr0xxxpavilion_17-ab000_notebook_pc_series_\(touch\)laptop_17-by1xxxelitedesk_800_65w_g3_desktop_mini_pcelitedesk_705_g4_microtower_pcspectre_laptop_13-af0xxspectre_x360_convertible_13-ap0xxxpavilion_laptop_15-cw1xxxelitebook_1040_g2elitebook_755_g4zbook_15u_g4elitedesk_705_g3_microtower_pcprobook_440_g6laptop_14s-cs0xxxlaptop_15-bw5xxnotebook_pc_15-bd1xxlaptop_17-bs0xxprobook_x360_11_g3_education_editionelitebook_828_g3eliteone_1000_g1envy_x360_convertible_13-ar0xxxpavilion_power_laptop_15-cb0xxpavilion_laptop_14-bf6xxproone_600_g4spectre_notebook_13-v1xxenvy_x360_convertible_pc_15-bp1xxnotebook_pc_15-be0xxlaptop_14-bs0xxlaptop_14-bs5xxenvy_notebook_15-as0xxenvy_x360_convertible_15m-bq1xxlaptop_14s-dp0xxxlaptop_14-ma1xxxenvy_x360_convertible_13m-ar0xxxelitebook_840_g3stream_11_pro_g5_notebook_pcprobook_640_g4probook_645_g3elitebook_840_g4omen_15-dg0xxxpavilion_notebook_14-al1xxpavilion_notebook_17-ab2xxprodesk_600_g2_sffomen_17-w0xxprodesk_600_g3_sffnotebook_pc_15-ay1xxenvy_x360_convertible_15m-cp0xxxlaptop_15-di1xxxpavilion_x360_convertible_14-ba2xxpavilion_laptop_15-cu1xxxprodesk_400_g2_dmelitedesk_800_35w_g3_desktop_mini_pclaptop_14g-cx0xxxeliteone_800_g3pavilion_x360_convertible_11-u0xxpavilion_laptop_15-cc5xxelitedesk_880_g3_tower_pczbook_studio_g5elitebook_840_g5laptop_14s-bp1xxlaptop_15-bs0xxenvy_x360_convertible_15-aq2xxlaptop_14q-bu2xxenvy_laptop_13-ad0xxlaptop_15q-ds0xxxlaptop_14q-cs0xxxprobook_x360_440_g1pavilion_notebook_15-bc4xxelitebook_820_g4laptop_14g-cx1xxxnotebook_15-bg0xxlaptop_15-bw6xxelitebook_850_g5pavilion_x360_convertible_11m-ap0xxxlaptop_15q-by0xxlaptop_15g-br1xxpavilion_x360_convertible_15-br1xxlaptop_14-ck0xxxpavilion_laptop_15-cc0xxenvy_x360_convertible_pc_15-bp000elitebook_848_g3elitebook_x360_1040_g5elitebook_755_g3elitebook_folio_g1pavilion_x360_convertible_15-cr0xxxlaptop_14g-br2xxprobook_650_g4pavilion_x360_convertible_14-ba1xxenvy_x360_convertible_13-ag0xxxlaptop_14-bs2xxenvy_x360_convertible_15m-bq0xxspectre_x360_convertible_13-42xxprodesk_680_g4_microtower_pc\(with_pci_slot\)notebook_17-ac0xxlaptop_17g-br1xxenvy_notebook_13-d1xxzhan_86_pro_g1elite_x2_1013_g3elitebook_x360_1020_g2spectre_x360_convertible_13-ae0xxelitebook_x360_1030_g3envy_x360_convertible_15-dr0xxxzhan_66_pro_13_g2laptop_15-bs6xxenvy_laptop_17-bw0xxxzbook_studio_x360_g5zhan_66_pro_14_g2probook_445_g6elitedesk_800_g3_tower_pcelitedesk_705_g3_desktop_minilaptop_14s-dq0xxxprobook_645_g2notebook_17-ac1xxpavilion_notebook_17-ab4xxprodesk_680_g3_microtower_pczbook_15v_g5_mobile_workstation280_g3_microtower_pcpavilion_notebook_14-al0xxlaptop_14q-by0xxenvy_laptop_13-aq0xxxenvy_x360_convertible_15-ds0xxxprobook_430_g5laptop_15q-dy0xxxelitedesk_800_65w_g4_desktop_mini_pcpavilion_x360_convertible_14-dh0xxxpavilion_notebook_14-av0xxprobook_x360_11_g2laptop_15s-du0xxxnotebook_15-ba1xxnotebook_pc_15-ay0xxelitedesk_800_g2_twrprodesk_400_g4_sffpavilion_notebook_15-au0xxlaptop_17q-cs0xxxspectre_x360_convertible_15-bl0xx340_g5_notebook_pcomen_15-ce0xxlaptop_15g-dx1xxxomen_17-ap0xxelitebook_828_g4elitebook_850_g4pavilion_x360_convertible_14m-ba0xxelitebook_x360_1030_g2engage_go_mobile_system258_g7_notebook_pcenvy_x360_convertible_15-cp0xxxenvy_x2_detachable_12-g0xxlaptop_15-bs7xxlaptop_14-dq0xxxenvy_laptop_13-ah1xxxlaptop_17-bs1xxlaptop_14s-be1xxelitebook_820_g3pavilion_x360_convertible_14-ba0xxlaptop_15-ra1xxelite_x2_1012_g2pavilion_laptop_14-ce2xxxspectre_laptop_13-af1xxenvy_laptop_17-ae0xxpavilion_x360_convertible_13-u0xxpavilion_gaming_laptop_17-cd0xxxlaptop_14-cf1xxxzhan_66_pro_g1envy_notebook_17-u2xxelitebook_836_g5pavilion_notebook_15-au1xxprodesk_400_g4_dmproone_400_g2laptop_17q-bu1xxlaptop_17-ca1xxxnotebook_14-am0xxpavilion_x360_convertible_m1-u1xxomen_15-ax2xxenvy_x360_convertible_15-bq1xxpavilion_x360_convertible_14q-cd0xxxlaptop_14s-cr1xxxprobook_455_g4probook_450_g4laptop_17g-cr1xxxlaptop_14g-br0xxenvy_x360_convertible_13m-ag0xxxlaptop_15q-ds1xxxlaptop_14g-cr1xxxeliteone_800_g4omen_17-w1xxprobook_470_g5pavilion_x360_convertible_11-ad0xxomen_15-ce1xxpavilion_laptop_15-cu0xxxlaptop_15-db1xxxlaptop_14-cm0xxxenvy_x360_convertible_15-bq2xxlaptop_17g-br0xxnotebook_pc_15-ay5xxlaptop_15s-fq0xxxpro_x2_612_g1laptop_15-da0xxxlaptop_14q-cs1xxxnotebook_17-y0xxpavilion_laptop_15-cc6xxelitedesk_880_g2_tower_pcpavilion_15-bc500_laptopprobook_655_g3elitedesk_800_g4_tower_pcnotebook_15-bf0xxpavilion_notebook_17-g2xxlaptop_14-bs6xxpavilion_laptop_14-bf1xxenvy_x360_convertible_15-aq0xxproone_600_g3laptop_15s-dy0xxxlaptop_15-da1xxxpavilion_x360_convertible_m3-s000pavilion_laptop_15-cs2xxxpavilion_x360_convertible_11-ap0xxxlaptop_15s-fr0xxxlaptop_14-ma0xxxlaptop_15-bw0xxpavilion_notebook_15-aw1xxenvy_x360_convertible_15m-ds0xxxpavilion_laptop_15-cc1xxprobook_645_g4laptop_15g-dr1xxxpavilion_laptop_15-cd0xxprobook_x360_11_g1zbook_15_g5notebook_pc_15-bd0xx240_g6_notebook_pcprobook_450_g5pavilion_notebook_15-bc2xxenvy_laptop_17-ae1xx240_g7_notebook_pcpavilion_laptop_14-bk1xxomen_15-dh0xxxelitebook_1040_g4elitebook_735_g5notebook_17-ad0xxprodesk_600_g2_microtower_pcelitedesk_705_g3_sff_pcpavilion_x360_convertible_15-bk0xxprobook_470_g3laptop_17q-cs1xxxenvy_x360_convertible_15-ar0xxenvy_x360_convertible_15-cn1xxxengage_flex_pro-c_retail_systempavilion_x360_convertible_13-u1xxspectre_x360_convertible_13-ac0xxspectre_pro_13_g1_notebook_pcpavilion_laptop_15-cw0xxxelitebook_848_g4omen_17-w2xxprobook_640_g2pavilion_laptop_13-an0xxxprobook_440_g5probook_430_g6laptop_17q-bu0xxlaptop_14s-cf0xxx245_g6_notebook_pcstream_11_pro_g4_notebook_pcelite_x2_1012_g1laptop_14-bp0xxlaptop_14s-cf1xxxprobook_440_g4probook_450_g6pavilion_notebook_17-g1xxproone_480_g3zbook_15_g4245_g7_notebook_pcenvy_laptop_13-ad1xxlaptop_14-ck1xxxjumpstartlaptop_15q-bu0xxlaptop_14g-bx0xxspectre_notebook_13-v0xxHP Jumpstart
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.61%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 22:46
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.

Action-Not Available
Vendor-n/aBarracuda Networks, Inc.
Product-network_access_clientn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-41718
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.78%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:18
Updated-07 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowssecure_access_clientSecure Access
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-41726
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.14%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 18:13
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 06:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.

Action-Not Available
Vendor-automoxn/aMicrosoft Corporation
Product-windowsautomoxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.30%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 06:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.

Action-Not Available
Vendor-automoxn/aMicrosoft Corporation
Product-windowsautomoxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.92%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 16:21
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-ux582lrux582lr_firmwaren/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-41614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.52%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR.

Action-Not Available
Vendor-openriscn/a
Product-mor1kx_firmwaremor1kxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42011
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.65%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40132
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.29%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 23:04
Updated-22 Apr, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40154
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-23 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow privillaged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR for Gameplay Softwaresystem_usage_report
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-39694
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202312327

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-38420
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.07%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 19:05
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dialinkDIALink
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-37000
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.02% / 2.40%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:47
Updated-18 Mar, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei wearables have a permission management vulnerability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-255
Not Available
CVE-2022-27652
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Action-Not Available
Vendor-mobyprojectn/aFedora ProjectRed Hat, Inc.Kubernetes
Product-mobycri-oopenshift_container_platformfedoracri-o
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-36795
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.08%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 16:58
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges.

Action-Not Available
Vendor-n/aCohesity, Inc.
Product-linux_agentn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-6914
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.94%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

Action-Not Available
Vendor-n/aMicrosoft CorporationUbiquiti Inc.
Product-windowsunifi_videon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10145
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 20:55
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10050
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.11%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:08
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rtls_locating_managerSIMATIC RTLS Locating Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-35181
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 14:24
Updated-13 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manageraccess_rights_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0564
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.80%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 18:20
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_console_3Intel® RAID Web Console 3 (RWC3) for Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-34315
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-28 Oct, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC softwarevirtual_raid_on_cpu
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0374
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.13%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:58
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0275
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:45
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0547
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 16:58
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_migrationIntel(R) Data Migration Software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.09% / 26.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 01:05
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File and Directory Permission Vulnerability in JP1/Performance Management

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

Action-Not Available
Vendor-Hitachi, Ltd.Microsoft Corporation
Product-windowsjp1\/performance_managementJP1/Performance Management - Remote Monitor for Virtual MachineJP1/Performance Management - Agent Option for IBM WebSphere Application ServerJP1/Performance Management - Agent Option for Service ResponseJP1/Performance Management - Agent Option for Virtual MachineJP1/Performance Management - Remote Monitor for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for PlatformJP1/Performance Management - Agent Option for Enterprise ApplicationsJP1/Performance Management - Agent Option for Application ServerJP1/Performance Management - Agent Option for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for uCosminexus Application ServerJP1/Performance Management - Remote Monitor for OracleJP1/Performance Management - Agent Option for Microsoft(R) Exchange ServerJP1/Performance Management - BaseJP1/Performance Management - Agent Option for JP1/AJS3JP1/Performance Management - Agent Option for IBM Lotus DominoJP1/Performance Management - Agent Option for OracleJP1/Performance Management - Agent Option for IBM WebSphere MQJP1/Performance Management - Agent Option for DominoJP1/Performance Management - Agent Option for OpenTP1JP1/Performance Management - Agent Option for Microsoft(R) Internet Information ServerJP1/Performance Management - ManagerJP1/Performance Management - Agent Option for Transaction SystemJP1/Performance Management - Remote Monitor for PlatformJP1/Performance Management - Agent Option for HiRDBJP1/Performance Management - Agent Option for Oracle WebLogic Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0508
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.92%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 19:58
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Drivers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0514
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.92%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 19:59
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Drivers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32547
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.95%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-topconpositioningn/aIntel Corporation
Product-falcon_8\+mavinci_desktopMAVinci Desktop Software for Intel(R) Falcon 8+mavinci_desktop_software_for_intel_falcon_8_plus
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-5425
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-14.47% / 94.18%
||
7 Day CHG~0.00%
Published-13 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.Oracle Corporation
Product-enterprise_linux_serverenterprise_linux_server_austomcatenterprise_linux_desktopenterprise_linux_server_eusinstantis_enterprisetrackenterprise_linux_server_tusenterprise_linux_workstationlinuxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32221
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.77%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 00:00
Updated-04 Jan, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EaseUS Todo Backup may allow local privilege escalation

EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.

Action-Not Available
Vendor-easeusEaseUS
Product-todo_backupTodo Backup
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32543
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.95%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-intelligent_test_systemIntel(R) ITS sofware
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-3943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.

Action-Not Available
Vendor-n/aWatchGuard Technologies, Inc.
Product-panda_endpoint_administration_agentn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31246
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_debug_and_provisioning_toolIntel(R) SDP Tool software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3112
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.65%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:31
Updated-12 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-ellipticlabsLenovo Group Limited
Product-virtual_lock_sensorai_virtual_presence_sensorthinkpad_t14_gen_3AI Virtual Presence SensorElliptic Labs Virtual Lock Sensorthinkpad_t14_gen_3
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31359
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 17:15
Updated-16 May, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-aim-t_manageability_apiAIM-T Manageability API
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-29838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.37%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 00:00
Updated-21 Jan, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.

Action-Not Available
Vendor-allwaysyncn/a
Product-allwaysyncn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-24135
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.51%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-25 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27305
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.43%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) Control software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27382
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-nuc_p14e_laptop_elementwindows_10Intel(R) NUC P14E Laptop Element software for Windows 10
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-2173
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.71%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:14
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28079
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 10.53%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:20
Updated-10 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-23105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.17%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 00:00
Updated-13 Jun, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400_firmwareexynos_2200exynos_2200_firmwareexynos_1480exynos_2400exynos_1480_firmwaren/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-19675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.62%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 14:42
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.

Action-Not Available
Vendor-n/aIvanti Software
Product-workspace_controln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27505
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.95%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-advanced_link_analyzerIntel(R) Advanced Link Analyzer Standard Edition software installers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25941
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-17365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 21:19
Updated-15 Jan, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.

Action-Not Available
Vendor-nixosn/a
Product-nixn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-23583
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.81%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxNetApp, Inc.
Product-core_i5-1145gre_firmwarexeon_d-2796tecore_i7-11850he_firmwarexeon_d-1627_firmwarecore_i7-11370h_firmwarexeon_d-2738core_i7-11700fxeon_platinum_8362core_i7-1160g7core_i5-1035g7xeon_gold_6338core_i7-10850hxeon_d-2777nxxeon_d-1527xeon_gold_6338t_firmwarexeon_d-2766ntcore_i7-1185grecore_i3-1125g4_firmwarecore_i7-11375hcore_i7-11800h_firmwarecore_i7-10870h_firmwarexeon_silver_4309yxeon_platinum_8352yxeon_platinum_8380h_firmwarecore_i3-1110g4_firmwarexeon_platinum_8360hl_firmwarecore_i5-11600_firmwarexeon_d-1746ter_firmwarexeon_gold_6354_firmwarexeon_d-2163it_firmwarecore_i5-1140g7_firmwarecore_i3-1110g4core_i5-10210uxeon_gold_6326xeon_d-2776ntxeon_d-1527_firmwarexeon_d-1521_firmwarexeon_d-2798ntxeon_d-1733ntxeon_gold_5317_firmwarecore_i5-10200hxeon_d-1557_firmwarexeon_d-2775te_firmwarecore_i9-11900kf_firmwarexeon_d-2766nt_firmwarexeon_silver_4316core_i5-1035g4core_i5-10400hcore_i7-11700xeon_d-1518xeon_gold_5318y_firmwarecore_i7-10510u_firmwarexeon_d-1714core_i3-10100yxeon_d-2799_firmwarexeon_d-2745nx_firmwarexeon_d-2143itxeon_gold_6348_firmwarexeon_d-2163itcore_i7-11370hcore_i5-10310uxeon_gold_5318s_firmwarecore_i9-11900txeon_d-1734nt_firmwarexeon_d-2161i_firmwarexeon_d-2779_firmwarecore_i7-1195g7_firmwarecore_i5-11600tcore_i5-10310y_firmwarexeon_d-1567_firmwarecore_i7-11850hxeon_d-1567core_i9-11900xeon_d-2777nx_firmwarecore_i7-10510yxeon_platinum_8380hcore_i7-1185g7e_firmwarexeon_d-2173it_firmwarecore_i3-10110ucore_i7-11800hxeon_platinum_8376hxeon_d-1746terxeon_gold_6312u_firmwarexeon_gold_6330xeon_platinum_8362_firmwarecore_i5-10310u_firmwarexeon_silver_4310t_firmwarexeon_d-1531_firmwarexeon_gold_6314ucore_i7-10610u_firmwarexeon_d-2123it_firmwarecore_i5-1155g7core_i7-10710u_firmwarexeon_d-1715tercore_i9-11950hcore_i7-11850hecore_i5-11600core_i5-10300hxeon_d-1571xeon_d-1736_firmwarexeon_platinum_8353hcore_i9-10980hkxeon_gold_6348hcore_i3-1005g1_firmwarexeon_gold_6338_firmwarexeon_d-2173itcore_i7-11700txeon_d-2123itxeon_d-1731nte_firmwarecore_i7-10510ucore_i3-10100y_firmwarexeon_d-2177nt_firmwarexeon_d-1627xeon_d-1533n_firmwarecore_i5-11400h_firmwarexeon_d-2796ntxeon_silver_4309y_firmwarecore_i9-11900hxeon_gold_5320hxeon_platinum_8358p_firmwarecore_i5-11600k_firmwarexeon_gold_5320xeon_platinum_8360yxeon_d-2779xeon_gold_6330h_firmwarexeon_d-1602core_i5-11500h_firmwarecore_i3-11100hecore_i9-11900kxeon_d-1712trxeon_d-1539xeon_d-2796te_firmwarefas9500_firmwarexeon_gold_6338txeon_d-1713ntecore_i7-11700k_firmwarexeon_d-2752ter_firmwarexeon_gold_5318sxeon_d-2733nt_firmwarexeon_d-1649n_firmwarexeon_d-2146ntxeon_d-1577_firmwarecore_i5-11500t_firmwarexeon_platinum_8356h_firmwarecore_i7-1160g7_firmwarexeon_d-2145nt_firmwarecore_i7-11600h_firmwarexeon_d-1726_firmwarexeon_d-2187ntxeon_d-1732texeon_d-2712txeon_d-1537_firmwarecore_i7-10750h_firmwarexeon_d-1541_firmwarecore_i3-1115gre_firmwarexeon_platinum_8380hlxeon_gold_5318nxeon_d-2166nt_firmwarecore_i9-10885hxeon_d-2166ntcore_i5-11400txeon_d-2776nt_firmwarexeon_d-1732te_firmwarecore_i7-1180g7_firmwarexeon_platinum_8358pcore_i5-11300hcore_i9-11900kfxeon_d-2712t_firmwarecore_i5-1145g7core_i3-1125g4xeon_gold_6328h_firmwarexeon_d-1623n_firmwarecore_i7-10750hxeon_d-1548_firmwarexeon_d-1713nte_firmwarexeon_gold_6328hl_firmwarexeon_gold_6342_firmwarexeon_gold_5317core_i7-10875hxeon_d-2183itxeon_platinum_8358_firmwarexeon_platinum_8352m_firmwarexeon_d-1622xeon_d-1559_firmwarexeon_gold_6348h_firmwarexeon_platinum_8356hcore_i9-11900k_firmwarecore_i5-10400h_firmwarexeon_d-2145ntcore_i5-1035g7_firmwarexeon_platinum_8360y_firmwarecore_i5-11400t_firmwarecore_i3-1115g4core_i7-11700f_firmwarefas2820_firmwarexeon_d-1529_firmwarexeon_d-1540_firmwarexeon_d-1637_firmwarexeon_gold_5318h_firmwarexeon_d-1733nt_firmwarexeon_d-2733ntxeon_gold_5320tcore_i5-10210ycore_i5-1140g7xeon_gold_6312uxeon_gold_5320h_firmwarexeon_d-2142it_firmwarexeon_d-2143it_firmwarecore_i5-10210u_firmwarexeon_d-1736xeon_d-1735trxeon_d-1513n_firmwarecore_i3-10110yxeon_d-2795nt_firmwarecore_i5-11400fxeon_d-2752ntexeon_d-1523n_firmwarecore_i5-11500_firmwarexeon_d-2753nt_firmwarexeon_gold_5318n_firmwarexeon_platinum_8352y_firmwarexeon_silver_4314core_i5-1145grecore_i7-1180g7core_i5-11600kfcore_i5-10500h_firmwarexeon_platinum_8358core_i7-11700kfxeon_gold_5315ycore_i7-10870hcore_i9-11950h_firmwarexeon_platinum_8352s_firmwarecore_i5-1035g1core_i5-11260h_firmwarexeon_platinum_8354hcore_i9-11900_firmwarecore_i5-11400f_firmwarexeon_silver_4310_firmwarexeon_gold_6338n_firmwarexeon_d-1718tcore_i3-10110y_firmwarecore_i5-1035g4_firmwarecore_i7-1185g7core_i7-1195g7core_i5-11500txeon_gold_6326_firmwarecore_i7-1165g7xeon_platinum_8351n_firmwarexeon_d-1523nxeon_d-2786nte_firmwarecore_i5-11600kcore_i9-11900h_firmwarecore_i7-11390hxeon_d-2786ntexeon_d-1540xeon_platinum_8368xeon_d-1653ncore_i7-11700kxeon_d-1528xeon_d-1637xeon_d-1577core_i7-11700_firmwarecore_i5-1130g7_firmwarexeon_d-1715ter_firmwarexeon_silver_4310txeon_platinum_8380core_i7-10710uxeon_d-2141ixeon_d-1541xeon_gold_6314u_firmwaredebian_linuxcore_i3-11100he_firmwarexeon_d-1543n_firmwarexeon_platinum_8351nxeon_platinum_8376hl_firmwarecore_i5-11500he_firmwarexeon_d-1633n_firmwarexeon_gold_6330n_firmwarecore_i5-1145g7_firmwarexeon_d-1722ne_firmwarexeon_gold_6336yxeon_platinum_8352vxeon_d-1747ntecore_i5-10210y_firmwarexeon_d-2757nx_firmwarexeon_d-1653n_firmwarexeon_d-1734ntcore_i5-11400hxeon_d-1735tr_firmwarexeon_d-1747nte_firmwarexeon_d-1553nxeon_d-1571_firmwarecore_i9-11900t_firmwarexeon_d-1633nxeon_platinum_8360hlcore_i5-11400_firmwarexeon_d-1548core_i9-11900fxeon_d-1649nxeon_d-1529xeon_platinum_8380_firmwarecore_i7-10510y_firmwarexeon_gold_6330_firmwarecore_i7-11600hcore_i7-11390h_firmwarecore_i9-11980hkxeon_d-1518_firmwarexeon_gold_5320_firmwarexeon_d-2738_firmwarecore_i7-1165g7_firmwarexeon_platinum_8380hl_firmwarexeon_platinum_8360h_firmwarexeon_d-2757nxxeon_d-1713ntcore_i3-1115g4e_firmwarexeon_gold_6354xeon_gold_6336y_firmwarexeon_d-1520xeon_d-2752tercore_i5-1130g7xeon_platinum_8354h_firmwarexeon_d-2799xeon_platinum_8352mcore_i3-1120g4xeon_d-2146nt_firmwarexeon_d-2795ntcore_i3-1120g4_firmwarecore_i5-10310yxeon_d-1739_firmwarexeon_gold_6330hxeon_d-1736ntxeon_d-1713nt_firmwarexeon_gold_5318hxeon_d-1520_firmwarecore_i5-10500hxeon_platinum_8376hlxeon_silver_4316_firmwarecore_i7-1185g7_firmwarexeon_d-2798nt_firmwarexeon_d-1623ncore_i7-10810u_firmwarecore_i5-11600kf_firmwarecore_i5-11320hxeon_d-1531core_i7-10810ucore_i7-11700kf_firmwarecore_i3-1115g4_firmwarexeon_d-1533ncore_i7-11375h_firmwarexeon_d-1722nexeon_gold_6346core_i7-10875h_firmwarecore_i3-1115grexeon_d-2142itcore_i5-11500hxeon_d-1718t_firmwarecore_i7-10610ucore_i5-1035g1_firmwarexeon_d-1622_firmwarexeon_gold_6338ncore_i7-1065g7_firmwarecore_i5-1135g7_firmwarexeon_d-2796nt_firmwareaffa900_firmwarexeon_platinum_8360hxeon_gold_5315y_firmwarecore_i5-11260hxeon_d-1749nt_firmwarexeon_d-1702_firmwarexeon_d-2161iaffa900core_i5-10300h_firmwarexeon_d-2141i_firmwarecore_i3-1115g4ecore_i7-11850h_firmwarexeon_gold_6348xeon_gold_6330ncore_i5-11600t_firmwarecore_i5-10200h_firmwarecore_i9-11900f_firmwarecore_i5-11300h_firmwarexeon_platinum_8368_firmwarecore_i9-11980hk_firmwarecore_i7-11700t_firmwarexeon_d-2798nxxeon_platinum_8352v_firmwarecore_i9-10885h_firmwarexeon_d-2745nxcore_i5-1145g7exeon_gold_5320t_firmwarecore_i5-11500hexeon_d-1748tecore_i5-1145g7e_firmwarexeon_silver_4310core_i7-1185gre_firmwarexeon_silver_4314_firmwarexeon_d-1513nxeon_d-1537xeon_gold_6334xeon_d-2187nt_firmwarexeon_d-2752nte_firmwarecore_i5-11500core_i5-1135g7xeon_d-1739fas2820core_i3-10110u_firmwarexeon_d-1543nxeon_d-1528_firmwarexeon_d-1539_firmwarexeon_d-1559xeon_d-1702xeon_d-1521fas9500xeon_gold_6342xeon_d-1748te_firmwarexeon_d-1749ntxeon_platinum_8353h_firmwarexeon_platinum_8376h_firmwarexeon_d-1712tr_firmwarexeon_d-2798nx_firmwarecore_i7-1185g7exeon_platinum_8352sxeon_gold_6346_firmwarexeon_gold_5318ycore_i3-1005g1xeon_gold_6328hxeon_d-2183it_firmwarexeon_d-2753ntxeon_d-1557xeon_d-2775tecore_i5-11400xeon_gold_6334_firmwarexeon_d-1731ntecore_i7-10850h_firmwarecore_i7-1065g7xeon_d-1714_firmwarexeon_d-1736nt_firmwarexeon_d-1602_firmwarexeon_gold_6328hlxeon_d-1726core_i9-10980hk_firmwarexeon_d-2177ntxeon_d-1553n_firmwareIntel(R) Processors
CWE ID-CWE-1281
Sequence of Processor Instructions Leads to Unexpected Behavior
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-17043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.97%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 16:51
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution.

Action-Not Available
Vendor-bmcn/a
Product-patrol_agentn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-3431
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 18:18
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_5_pro-16ihu6_firmwarethinkbook_plus_g3_iap_firmwareyoga_slim_7-13itl05yoga_slim_7_carbon_13itl5thinkbook_16_g4\+_arad330-10iglideapad_5_pro-16ihu6yoga_slim_7-13itl05_firmwareyoga_duet_7-13itl6-lteyoga_slim_7-13acn05_firmwareyoga_slim_7_carbon_13itl5_firmwareslim_7_16arh7_firmwareyoga_duet_7-13iml05_firmwarethinkbook_14_g4\+_araideapad_slim_7_pro_16ach6_firmwarethinkbook_13x_itgthinkbook_16_g4\+_iapthinkbook_13x_itg_firmwareideapad_5_pro_16arh7yoga_slim_7_pro_16ach6ideapad_creator_5-16ach6_firmwarethinkbook_plus_g3_iapd330-10igl_firmwareideapad_duet_3_10igl5_firmwareyoga_slim_7_pro_16arh7yoga_slim_7-13acn05ideapad_creator_5-16ach6thinkbook_plus_g2_itg_firmwarethinkbook_plus_g2_itgthinkbook_16_g4\+_iap_firmwareyoga_slim_7_pro_16ach6_firmwareyoga_duet_7-13itl6_firmwareyoga_duet_7-13iml05ideapad_5_pro_16arh7_firmwarethinkbook_16_g4\+_ara_firmwares540-15iml_firmwareideapad_slim_7_pro_16ach6slim_7_16arh7thinkbook_16p_nx_arh_firmwareyoga_duet_7-13itl6-lte_firmwareyoga_slim_7_pro_16arh7_firmwareyoga_duet_7-13itl6thinkbook_14_g4\+_iaps540-15imlideapad_5_pro-16ach6thinkbook_14_g4\+_iap_firmwarethinkbook_14_g4\+_ara_firmwareideapad_5_pro-16ach6_firmwareideapad_duet_3_10igl5thinkbook_16p_nx_arhBIOSnotebook
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • Next
Details not found