Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34387

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-21 Jun, 2021 | 21:35
Updated At-04 Aug, 2024 | 00:12
Rejected At-
Credits

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:21 Jun, 2021 | 21:35
Updated At:04 Aug, 2024 | 00:12
Rejected At:
▼CVE Numbering Authority (CNA)

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
NVIDIA Jetson TX1
Versions
Affected
  • All Jetson Linux versions prior to r32.5.1
Problem Types
TypeCWE IDDescription
textN/Ainformation disclosure, escalation of privileges, denial of service
Type: text
CWE ID: N/A
Description: information disclosure, escalation of privileges, denial of service
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5205
x_refsource_CONFIRM
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5205
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5205
x_refsource_CONFIRM
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5205
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:21 Jun, 2021 | 22:15
Updated At:29 Jun, 2021 | 14:13

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
NVIDIA Corporation
nvidia
>>jetson_linux>>Versions before 32.5.1(exclusive)
cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx1>>-
cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5205psirt@nvidia.com
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5205
Source: psirt@nvidia.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

233Records found
CVE-2022-3432
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.97%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 16:27
Updated-01 Apr, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_y700-14isk_firmwareideapad_y700-14iskBIOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-3430
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.01%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 16:11
Updated-02 Apr, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_14_g2_are_firmwared330-10iglthinkbook_14_g3_acl_firmwareyoga_creator_7-15imh05thinkbook_14s_yoga_itl_firmwareideapad_slim_7-14iil05ideapad_5_pro_16iah7_firmwareideapad_slim_7-14iil05_firmwareyoga_slim_7-15imh05thinkbook_14_g4\+_arayoga_slim_7-15iil05thinkbook_16_g4\+_iapthinkbook_15_g3_aclyoga_creator_7-15imh05_firmwarethinkbook_15p_imp_firmwared330-10igl_firmwarethinkbook_16p_g3_arhthinkbook_15_g4_abaslim_7-14are05thinkbook_plus_g2_itgyoga_slim_7-15imh05_firmwareideapad_5_pro_16arh7_firmwarethinkbook_16_g4\+_ara_firmwareyoga_slim_7-14itl05_firmwareideapad_5_pro_16iah7thinkbook_15p_impthinkbook_14s_yoga_itlyoga_slim_7-15itl05thinkbook_16p_g3_arh_firmwareslim_7-14are05_firmwareyoga_slim_7_pro_16arh7_firmwarethinkbook_14_g4\+_iapyoga_duet_7-13itl6thinkbook_14_g2_areyoga_slim_7-14are05slim_7-15imh05thinkbook_14_g4\+_ara_firmwareslim_7_16arh7ideapad_duet_3_10igl5thinkbook_14p_g3_arhthinkbook_16p_nx_arhthinkbook_15p_g2_ithslim_7-15itl05_firmwarethinkbook_plus_g3_iap_firmwarethinkbook_15_g2_itlthinkbook_14_g2_itlthinkbook_16_g4\+_arayoga_slim_7-14iil05ideapad_slim_7-15iil05thinkbook_15_g3_itlyoga_duet_7-13itl6-lteyoga_slim_7-14iil05_firmwareslim_7_16arh7_firmwareyoga_duet_7-13iml05_firmwarethinkbook_13x_itgideapad_5_pro_16arh7thinkbook_13x_itg_firmwareyoga_slim_7-15iil05_firmwarethinkbook_15_g2_areideapad_slim_7-14itl05_firmwarethinkbook_plus_g3_iapideapad_slim_7-14itl05thinkbook_15_g3_itl_firmwarethinkbook_15p_g2_ith_firmwarethinkbook_14_g3_aclideapad_duet_3_10igl5_firmwareyoga_slim_7_pro_16arh7yoga_slim_7-14are05_firmwarethinkbook_14p_g3_arh_firmwarethinkbook_plus_g2_itg_firmwarethinkbook_14_g2_itl_firmwarethinkbook_16_g4\+_iap_firmwarethinkbook_15_g2_are_firmwareyoga_duet_7-13itl6_firmwareslim_7-15itl05thinkbook_15_g2_itl_firmwareslim_7-15imh05_firmwareyoga_duet_7-13iml05yoga_slim_7-15itl05_firmwarethinkbook_14_g3_itl_firmwarethinkbook_15_g3_acl_firmwarethinkbook_16p_nx_arh_firmwareideapad_slim_7-15iil05_firmwareyoga_duet_7-13itl6-lte_firmwarethinkbook_15_gd_aba_firmwareyoga_slim_7-14itl05thinkbook_14_g4\+_iap_firmwarethinkbook_14_g3_itlBIOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-33912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.65%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 06:47
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.

Action-Not Available
Vendor-n/atribe29 GmbHCheckmk GmbH
Product-checkmkn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-29483
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:54
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
e-Design - Multiple vulnerabilities

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

Action-Not Available
Vendor-ABB
Product-e-designe-Design
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-13311
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.40%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 21:46
Updated-18 Dec, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-49721
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.57%
||
7 Day CHG-0.00%
Published-14 Feb, 2024 | 21:57
Updated-26 Aug, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

Action-Not Available
Vendor-tianocoreCanonical Ltd.
Product-edk2lxdLXDlxd
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-0486
Matching Score-4
Assigner-Fidelis Cybersecurity, Inc.
ShareView Details
Matching Score-4
Assigner-Fidelis Cybersecurity, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 31.78%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:32
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privileged Command Injection Vulnerability in Fidelis Network and Deception

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.

Action-Not Available
Vendor-fidelissecurityFidelis Cybersecurity
Product-deceptionnetworkFidelis DeceptionFidelis Network
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-0997
Matching Score-4
Assigner-Fidelis Cybersecurity, Inc.
ShareView Details
Matching Score-4
Assigner-Fidelis Cybersecurity, Inc.
CVSS Score-3.9||LOW
EPSS-0.49% / 64.72%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:31
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation Vulnerability in Fidelis Network and Deception

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.

Action-Not Available
Vendor-fidelissecurityFidelis Cybersecurity
Product-deceptionnetworkFidelis DeceptionFidelis Network
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-40388
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-15 Apr, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-sq_managern/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-45335
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 32.33%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 12:29
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.

Action-Not Available
Vendor-avastn/a
Product-antivirusn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.61%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 22:46
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.

Action-Not Available
Vendor-n/aBarracuda Networks, Inc.
Product-network_access_clientn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-40396
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-15 Apr, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-deviceon\/iservicen/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-40389
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-15 Apr, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-deviceon\/iedgen/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-39694
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202312327

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-6914
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.94%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

Action-Not Available
Vendor-n/aMicrosoft CorporationUbiquiti Inc.
Product-windowsunifi_videon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10145
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 20:55
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10050
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.11%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:08
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rtls_locating_managerSIMATIC RTLS Locating Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0374
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.13%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:58
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0275
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:45
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-5425
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-14.47% / 94.18%
||
7 Day CHG~0.00%
Published-13 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.Oracle Corporation
Product-enterprise_linux_serverenterprise_linux_server_austomcatenterprise_linux_desktopenterprise_linux_server_eusinstantis_enterprisetrackenterprise_linux_server_tusenterprise_linux_workstationlinuxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-3943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.

Action-Not Available
Vendor-n/aWatchGuard Technologies, Inc.
Product-panda_endpoint_administration_agentn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-19792
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.10% / 27.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2020 | 14:32
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.

Action-Not Available
Vendor-n/aESET, spol. s r. o.
Product-cyber_securityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-3431
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 18:18
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_5_pro-16ihu6_firmwarethinkbook_plus_g3_iap_firmwareyoga_slim_7-13itl05yoga_slim_7_carbon_13itl5thinkbook_16_g4\+_arad330-10iglideapad_5_pro-16ihu6yoga_slim_7-13itl05_firmwareyoga_duet_7-13itl6-lteyoga_slim_7-13acn05_firmwareyoga_slim_7_carbon_13itl5_firmwareslim_7_16arh7_firmwareyoga_duet_7-13iml05_firmwarethinkbook_14_g4\+_araideapad_slim_7_pro_16ach6_firmwarethinkbook_13x_itgthinkbook_16_g4\+_iapthinkbook_13x_itg_firmwareideapad_5_pro_16arh7yoga_slim_7_pro_16ach6ideapad_creator_5-16ach6_firmwarethinkbook_plus_g3_iapd330-10igl_firmwareideapad_duet_3_10igl5_firmwareyoga_slim_7_pro_16arh7yoga_slim_7-13acn05ideapad_creator_5-16ach6thinkbook_plus_g2_itg_firmwarethinkbook_plus_g2_itgthinkbook_16_g4\+_iap_firmwareyoga_slim_7_pro_16ach6_firmwareyoga_duet_7-13itl6_firmwareyoga_duet_7-13iml05ideapad_5_pro_16arh7_firmwarethinkbook_16_g4\+_ara_firmwares540-15iml_firmwareideapad_slim_7_pro_16ach6slim_7_16arh7thinkbook_16p_nx_arh_firmwareyoga_duet_7-13itl6-lte_firmwareyoga_slim_7_pro_16arh7_firmwareyoga_duet_7-13itl6thinkbook_14_g4\+_iaps540-15imlideapad_5_pro-16ach6thinkbook_14_g4\+_iap_firmwarethinkbook_14_g4\+_ara_firmwareideapad_5_pro-16ach6_firmwareideapad_duet_3_10igl5thinkbook_16p_nx_arhBIOSnotebook
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-14002
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.16%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 05:00
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920sa6155p_firmwaremsm8953sdm450sdm636_firmwaresdm429wmsm8996au_firmwaresdm632_firmwareapq8098_firmwaresdm845sdm450_firmwaresdm632sdm660msm8920_firmwaresdm439sdm630sm8250_firmwaresdm429msm8940_firmwareqca6574ausm6150msm8909w_firmwareqm215msm8996ausdm429w_firmwaremsm8917sa6155psxr2130msm8937qcs605_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwaresdm636sdm630_firmwareapq8098sda660_firmwareqm215_firmwareqcs605msm8940apq8053apq8096au_firmwaremsm8953_firmwaresm6150_firmwaremsm8917_firmwaremsm8937_firmwaresdm429_firmwaresm8150sm8250qca6574au_firmwaresda660nicobar_firmwaremsm8909wapq8053_firmwaresdm660_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-12670
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.09%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-10679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.63%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 14:40
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.

Action-Not Available
Vendor-thomsonreutersn/a
Product-eikonn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-31998
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 11:25
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
inn: %post calls user owned file allowing local privilege escalation to root

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_serverinnbackports_sleleapSUSE Linux Enterprise Server 11-SP3openSUSE Backports SLE-15-SP2openSUSE Leap 15.2
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-7533
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.96%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system.

Action-Not Available
Vendor-osisoftn/a
Product-pi_data_archiveOSIsoft PI Data Archive
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-7535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.74%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.

Action-Not Available
Vendor-totalavn/a
Product-totalavn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-33092
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 18:47
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_m15_laptop_kit_hid_event_filter_driver_packnuc_m15_laptop_kit_lapbc710nuc_m15_laptop_kit_lapbc510Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8701
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:39
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-solid-state_drive_toolboxIntel(R) SSD Toolbox versions
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-11741
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.77%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-vagrant_vmware_fusionn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-33196
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 6.65%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_d-2796texeon_d-1627_firmwarexeon_d-2738xeon_platinum_8362xeon_gold_6338xeon_gold_6338t_firmwarexeon_d-2777nxxeon_d-1527xeon_d-2766ntxeon_silver_4309yxeon_platinum_8352yxeon_platinum_8380h_firmwarexeon_platinum_8360hl_firmwarexeon_d-1746ter_firmwarexeon_gold_6354_firmwarexeon_d-2163it_firmwarexeon_gold_6326xeon_d-2776ntxeon_d-1527_firmwarexeon_d-2798ntxeon_d-1733ntxeon_d-1521_firmwarexeon_gold_5317_firmwarexeon_d-1557_firmwarexeon_d-2775te_firmwarexeon_d-2766nt_firmwarexeon_silver_4316xeon_d-1518xeon_gold_5318y_firmwarexeon_d-1714xeon_d-2799_firmwarexeon_d-2745nx_firmwarexeon_d-2143itxeon_gold_6348_firmwarexeon_d-2163itxeon_gold_5318s_firmwarexeon_d-1734nt_firmwarexeon_d-2161i_firmwarexeon_d-2779_firmwarexeon_d-1567_firmwarexeon_d-1567xeon_d-2777nx_firmwarexeon_platinum_8380hxeon_d-2173it_firmwarexeon_platinum_8368q_firmwarexeon_platinum_8376hxeon_d-1746terxeon_gold_6312u_firmwarexeon_gold_6330xeon_platinum_8362_firmwarexeon_silver_4310t_firmwarexeon_d-1531_firmwarexeon_gold_6314uxeon_d-2123it_firmwarexeon_d-1715terxeon_d-1571xeon_d-1736_firmwarexeon_platinum_8353hxeon_gold_6348hxeon_gold_6338_firmwarexeon_d-2173itxeon_d-2123itxeon_d-2177nt_firmwarexeon_d-1627xeon_d-1533n_firmwarexeon_d-2796ntxeon_silver_4309y_firmwarexeon_gold_5320hxeon_platinum_8358p_firmwarexeon_gold_5320xeon_d-2779xeon_platinum_8360yxeon_gold_6330h_firmwarexeon_d-1602xeon_d-1712trxeon_d-1539xeon_d-2796te_firmwarexeon_gold_6338txeon_d-1713ntexeon_d-2752ter_firmwarexeon_gold_5318sxeon_d-2733nt_firmwarexeon_d-1649n_firmwarexeon_d-2146ntxeon_d-1577_firmwarexeon_platinum_8356h_firmwarexeon_d-2145nt_firmwarexeon_d-1726_firmwarexeon_d-2187ntxeon_d-1732texeon_d-2712txeon_d-1537_firmwarexeon_d-1541_firmwarexeon_platinum_8380hlxeon_gold_5318nxeon_platinum_8358pxeon_d-2166nt_firmwarexeon_d-2166ntxeon_d-2776nt_firmwarexeon_d-1732te_firmwarexeon_d-2712t_firmwarexeon_gold_6328h_firmwarexeon_d-1623n_firmwarexeon_d-1548_firmwarexeon_gold_6328hl_firmwarexeon_d-1713nte_firmwarexeon_gold_6342_firmwarexeon_gold_5317xeon_platinum_8352m_firmwarexeon_platinum_8358_firmwarexeon_d-2183itxeon_d-1622xeon_d-1559_firmwarexeon_platinum_8356hxeon_gold_6348h_firmwarexeon_d-2145ntxeon_platinum_8360y_firmwarexeon_d-1529_firmwarexeon_d-1540_firmwarexeon_gold_5318h_firmwarexeon_d-1637_firmwarexeon_d-1733nt_firmwarexeon_d-2733ntxeon_gold_5320txeon_gold_6312uxeon_gold_5320h_firmwarexeon_d-2142it_firmwarexeon_d-2143it_firmwarexeon_d-1736xeon_d-1735trxeon_d-1513n_firmwarexeon_d-2795nt_firmwarexeon_d-2752ntexeon_d-1523n_firmwarexeon_silver_4314xeon_gold_5318n_firmwarexeon_platinum_8352y_firmwarexeon_d-2753nt_firmwarexeon_platinum_8358xeon_gold_5315yxeon_platinum_8352s_firmwarexeon_platinum_8354hxeon_silver_4310_firmwarexeon_gold_6338n_firmwarexeon_d-1718txeon_gold_6326_firmwarexeon_platinum_8351n_firmwarexeon_d-1523nxeon_d-2786nte_firmwarexeon_d-2786ntexeon_d-1540xeon_platinum_8368xeon_d-1653nxeon_d-1528xeon_d-1637xeon_d-1577xeon_silver_4310txeon_d-1715ter_firmwarexeon_platinum_8380xeon_d-2141ixeon_d-1541xeon_gold_6314u_firmwarexeon_d-1543n_firmwarexeon_platinum_8351nxeon_platinum_8376hl_firmwarexeon_gold_6330n_firmwarexeon_d-1633n_firmwarexeon_platinum_8352vxeon_gold_6336yxeon_d-1722ne_firmwarexeon_d-1747ntexeon_d-2757nx_firmwarexeon_d-1653n_firmwarexeon_d-1734ntxeon_d-1735tr_firmwarexeon_d-1747nte_firmwarexeon_d-1553nxeon_d-1571_firmwarexeon_d-1633nxeon_platinum_8360hlxeon_d-1548xeon_platinum_8380_firmwarexeon_d-1649nxeon_d-1529xeon_gold_6330_firmwarexeon_d-1518_firmwarexeon_gold_5320_firmwarexeon_d-2738_firmwarexeon_platinum_8380hl_firmwarexeon_platinum_8360h_firmwarexeon_d-2757nxxeon_d-1713ntxeon_gold_6354xeon_gold_6336y_firmwarexeon_d-1520xeon_platinum_8354h_firmwarexeon_d-2752terxeon_platinum_8352mxeon_d-2799xeon_d-2146nt_firmwarexeon_d-2795ntxeon_gold_6330hxeon_d-1739_firmwarexeon_d-1736ntxeon_gold_5318hxeon_d-1713nt_firmwarexeon_d-1520_firmwarexeon_platinum_8376hlxeon_silver_4316_firmwarexeon_d-2798nt_firmwarexeon_d-1623nxeon_d-1531xeon_d-1533nxeon_d-1722nexeon_gold_6346xeon_d-2142itxeon_d-1718t_firmwarexeon_d-1622_firmwarexeon_gold_6338nxeon_d-2796nt_firmwarexeon_platinum_8360hxeon_gold_5315y_firmwarexeon_d-1702_firmwarexeon_d-1749nt_firmwarexeon_d-2161ixeon_d-2141i_firmwarexeon_gold_6348xeon_gold_6330nxeon_platinum_8368_firmwarexeon_d-2798nxxeon_platinum_8352v_firmwarexeon_d-2745nxxeon_platinum_8368qxeon_gold_5320t_firmwarexeon_d-1748texeon_silver_4310xeon_silver_4314_firmwarexeon_gold_6334xeon_d-1513nxeon_d-1537xeon_d-2187nt_firmwarexeon_d-2752nte_firmwarexeon_d-1739xeon_d-1543nxeon_d-1528_firmwarexeon_d-1539_firmwarexeon_d-1559xeon_d-1702xeon_d-1521xeon_gold_6342xeon_d-1748te_firmwarexeon_d-1749ntxeon_platinum_8353h_firmwarexeon_platinum_8376h_firmwarexeon_d-1712tr_firmwarexeon_d-2798nx_firmwarexeon_platinum_8352sxeon_gold_6346_firmwarexeon_gold_5318yxeon_gold_6328hxeon_d-2183it_firmwarexeon_d-2753ntxeon_gold_6334_firmwarexeon_d-2775texeon_d-1557xeon_d-1714_firmwarexeon_d-1736nt_firmwarexeon_d-1602_firmwarexeon_gold_6328hlxeon_d-1726xeon_d-2177ntxeon_d-1553n_firmwareIntel(R) Xeon(R) Processors with Intel® Software Guard Extensions (SGX)
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found