Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42718

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Dec, 2022 | 00:00
Updated At-24 Apr, 2025 | 20:11
Rejected At-
Credits

Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Dec, 2022 | 00:00
Updated At:24 Apr, 2025 | 20:11
Rejected At:
▼CVE Numbering Authority (CNA)

Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html
N/A
Hyperlink: https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html
x_transferred
Hyperlink: https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Dec, 2022 | 21:15
Updated At:24 Apr, 2025 | 20:15

Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ni
ni
>>labview_command_line_interface>>Versions before 22.3.1(exclusive)
cpe:2.3:a:ni:labview_command_line_interface:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE-276Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-276
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.htmlcve@mitre.org
Mitigation
Patch
Vendor Advisory
https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.htmlaf854a3a-2127-422b-91ae-364da2661108
Mitigation
Patch
Vendor Advisory
Hyperlink: https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html
Source: cve@mitre.org
Resource:
Mitigation
Patch
Vendor Advisory
Hyperlink: https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

383Records found
CVE-2023-28079
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 14.03%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:20
Updated-10 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27505
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.60%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-advanced_link_analyzerIntel(R) Advanced Link Analyzer Standard Edition software installers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-50236
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Siemens AG
Product-polarion_almPolarion ALM
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20436
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.10%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an unauthorized service in the system service. Since the component does not have permission check, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20495
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20474
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.82%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-50612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.27%
||
7 Day CHG~0.00%
Published-06 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.

Action-Not Available
Vendor-n/aFIT2CLOUD Inc.
Product-cloudexplorer_liten/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20456
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.60%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-20452
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20475
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20435
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.10%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20611
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.66%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27305
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) Control software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20246
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:08
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-21126
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-21107
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25941
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-24460
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA software installersgraphics_performance_analyzer
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-1038
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 20:38
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

Action-Not Available
Vendor-HP Inc.
Product-laptop_17-by0xxxomen_15-ax0xxlaptop_15q-dy1xxxenvy_laptop_17m-ae0xxenvy_x360_convertible_pc_15m-bp1xxnotebook_pc_15-be1xx250_g6_notebook_pcenvy_laptop_17m-bw0xxxomen_15-ax1xxnotebook_14-au0xxprobook_640_g3laptop_14s-dy0xxxprodesk_600_g3_microtower_pcnotebook_14-aq1xxomen_17-an1xxconvertible_x360_11-ab1xxstream_11_pro_g3_notebook_pcengage_one_aio_systempavilion_x360_convertible_11m-ad1xxelitebook_850_g3prodesk_480_g5_microtower_pcelitedesk_800_g4_sffspectre_x360_convertible_15-ap0xxnotebook_15-bf1xxlaptop_14-bw0xxstream_laptop_11-y1xxlaptop_14q-bu1xxprobook_455_g6pavilion_x360_convertible_15-dq0xxxpavilion_notebook_17-ab3xxlaptop_15g-dx0xxxomen_17-an0xxlaptop_15s-fy0xxxprobook_650_g2zbook_17_g4envy_notebook_17-u1xxconvertible_x360_11-ab0xxpavilion_laptop_14-ce1xxxlaptop_15-dy0xxxzbook_15_g3laptop_14q-cy0xxxpavilion_x360_convertible_14-cc0xxspectre_x360_convertible_15-bl1xxlaptop_14-bp1xxlaptop_14-cf0xxxpavilion_laptop_14-bk0xxx360_310_g2_convertible_pcelitebook_840r_g4elitedesk_705_g2_mt_sffspectre_x360_convertible_13-w0xxprodesk_400_g4_microtowerlaptop_15-di0xxxlaptop_15-bs5xxenvy_notebook_17-s1xxlaptop_14s-cr0xxxpavilion_gaming_laptop_15-cx0xxxeliteone_800_g2pavilion_x360_convertible_14q-dh0xxxenvy_laptop_13-ah0xxxprobook_450_g3envy_x360_convertible_m6-ar0xxpavilion_laptop_15-cc7xxprobook_470_g4stream_14_pro_notebook_pcnotebook_14-ar0xxprodesk_600_g2_dmelitebook_725_g4laptop_14s-dk0xxxpavilion_15-bc000_notebook_pc_series_\(touch\)290_g1_microtower_pclaptop_15-db0xxxpavilion_x360_convertible_11-ad1xxprodesk_480_g4_microtower_pcpavilion_gaming_laptop_15-dk0xxxproone_440_g4zbook_15u_g3envy_x360_convertible_13-y0xxlaptop_15q-bu1xxpavilion_x360_convertible_15-br0xxzhan_66_pro_15_g2laptop_14-bs1xxpavilion_14_g1_notebook_pcpavilion_x360_convertible_14m-dh0xxxlaptop_14s-dm0xxxlaptop_14s-bc1xxproone_600_g2laptop_14s-dr0xxxelitedesk_800_g2_sffnotebook_17-x1xxpavilion_x360_convertible_14q-cd1xxxprodesk_400_g5_microtowerenvy_x360_convertible_15-w2xxelitebook_745_g5notebook_14-as0xxlaptop_15g-dr0xxxomen_17-cb0xxxlaptop_17-ak0xxenvy_x360_convertible_pc_15m-bp0xxprobook_430_g4laptop_14g-cr0xxxnotebook_17-ad1xxpavilion_notebook_17-ab0xxlaptop_15g-br0xxpavilion_x360_convertible_14m-ba1xxelitebook_755_g5envy_notebook_15-as1xxlaptop_14q-cy1xxxstream_14-ax000_laptop_pcstream_11_pro_g4pavilion_x360_convertible_11-u1xx15-f200_notebook_pc_touchprobook_440_g3laptop_15-bs1xxnotebook_14-an0xxlaptop_14s-bc0xxpavilion_x360_convertible_15-bk1xxnotebook_14-am1xxenvy_x360_convertible_15m-dr0xxxpro_tablet_608_g1notebook_15-f3xxnotebook_14-ar1xxlaptop_15-ra0xxzbook_14u_g4pro_x2_612_g2260_g3_desktop_minilaptop_14s-bp0xxpavilion_x360_convertible_m1-u0xxprodesk_680_g2_microtower_pcelitedesk_800_65w_g2_desktop_mini_pcpavilion_x360_convertible_14-cc1xxzhan_99_g1_mobile_workstationeliteone_1000_g2pavilion_15-bc000_notebook_pc_seriesenvy_x360_convertible_15m-cn0xxxpavilion_laptop_14-bf0xxlaptop_15g-bx0xxnotebook_14-aq0xxpavilion_notebook_15-bc3xxprobook_430_g3probook_11_g2250_g5_notebook_pc260_g3_desktop_mini_pcspectre_x2_detachable_12-c0xxprodesk_400_g3_sfflaptop_14g-br1xxlaptop_15s-dr0xxxlaptop_15-bs2xxnotebook_15-bg1xxelitebook_725_g3elitebook_1030_g1envy_laptop_17m-ce0xxxpavilion_laptop_15-cs0xxxpavilion_laptop_17-ar0xxenvy_x360_convertible_15-aq1xxprodesk_400_g3_dmspectre_folio_convertible_13-ak0xxxprodesk_600_g3_desktop_minipavilion_laptop_15-ck0xx280_g3_pci_microtower_pcelitedesk_800_g3_sff255_g7_notebook_pcelitebook_745_g4probook_650_g3envy_laptop_17-ce0xxxelitebook_revolve_810_g3elitebook_846_g5pavilion_notebook_15-dp0xxx255_g5_notebook_pcnotebook_15-ba0xxlaptop_14-di0xxxelitebook_1050_g1laptop_14-dk0xxxspectre_pro_x360_g2_convertible_pcelitedesk_800_35w_g2_desktop_mini_pclaptop_17-ca0xxxpavilion_x360_14_g1_convertible_pcenvy_x360_convertible_15-bq0xx255_g6_notebook_pcpavilion_laptop_15-cs1xxxlaptop_14-di1xxxpavilion_laptop_14-ce0xxxzbook_17_g2notebook_17-x0xx240_g5_notebook_pcprobook_455_g3probook_655_g2vr_backpack_g2zhan_66_pro_a_g1spectre_x360_convertible_15-ch0xx288_pro_g3_microtower_pcelitedesk_880_g4_tower_pcelitebook_840_g5_healthcare_editionlaptop_15-dw0xxxpavilion_x360_convertible_11m-ad0xxstream_laptop_11-ak0xxxelitebook_830_g5zbook_15_g2laptop_14-cm1xxxenvy_x360_convertible_15-cn0xxxlaptop_14s-be0xxzbook_studio_g4probook_446_g3envy_laptop_17m-ae1xxlaptop_14q-bu0xxlaptop_14s-cs1xxxomen_15-dc0xxxspectre_x360_convertible_15-df0xxxlaptop_17g-cr0xxxpavilion_17-ab000_notebook_pc_series_\(touch\)laptop_17-by1xxxelitedesk_800_65w_g3_desktop_mini_pcelitedesk_705_g4_microtower_pcspectre_laptop_13-af0xxspectre_x360_convertible_13-ap0xxxpavilion_laptop_15-cw1xxxelitebook_1040_g2elitebook_755_g4zbook_15u_g4elitedesk_705_g3_microtower_pcprobook_440_g6laptop_14s-cs0xxxlaptop_15-bw5xxnotebook_pc_15-bd1xxlaptop_17-bs0xxprobook_x360_11_g3_education_editionelitebook_828_g3eliteone_1000_g1envy_x360_convertible_13-ar0xxxpavilion_power_laptop_15-cb0xxpavilion_laptop_14-bf6xxproone_600_g4spectre_notebook_13-v1xxenvy_x360_convertible_pc_15-bp1xxnotebook_pc_15-be0xxlaptop_14-bs0xxlaptop_14-bs5xxenvy_notebook_15-as0xxenvy_x360_convertible_15m-bq1xxlaptop_14s-dp0xxxlaptop_14-ma1xxxenvy_x360_convertible_13m-ar0xxxelitebook_840_g3stream_11_pro_g5_notebook_pcprobook_640_g4probook_645_g3elitebook_840_g4omen_15-dg0xxxpavilion_notebook_14-al1xxpavilion_notebook_17-ab2xxprodesk_600_g2_sffomen_17-w0xxprodesk_600_g3_sffnotebook_pc_15-ay1xxenvy_x360_convertible_15m-cp0xxxlaptop_15-di1xxxpavilion_x360_convertible_14-ba2xxpavilion_laptop_15-cu1xxxprodesk_400_g2_dmelitedesk_800_35w_g3_desktop_mini_pclaptop_14g-cx0xxxeliteone_800_g3pavilion_x360_convertible_11-u0xxpavilion_laptop_15-cc5xxelitedesk_880_g3_tower_pczbook_studio_g5elitebook_840_g5laptop_14s-bp1xxlaptop_15-bs0xxenvy_x360_convertible_15-aq2xxlaptop_14q-bu2xxenvy_laptop_13-ad0xxlaptop_15q-ds0xxxlaptop_14q-cs0xxxprobook_x360_440_g1pavilion_notebook_15-bc4xxelitebook_820_g4laptop_14g-cx1xxxnotebook_15-bg0xxlaptop_15-bw6xxelitebook_850_g5pavilion_x360_convertible_11m-ap0xxxlaptop_15q-by0xxlaptop_15g-br1xxpavilion_x360_convertible_15-br1xxlaptop_14-ck0xxxpavilion_laptop_15-cc0xxenvy_x360_convertible_pc_15-bp000elitebook_848_g3elitebook_x360_1040_g5elitebook_755_g3elitebook_folio_g1pavilion_x360_convertible_15-cr0xxxlaptop_14g-br2xxprobook_650_g4pavilion_x360_convertible_14-ba1xxenvy_x360_convertible_13-ag0xxxlaptop_14-bs2xxenvy_x360_convertible_15m-bq0xxspectre_x360_convertible_13-42xxprodesk_680_g4_microtower_pc\(with_pci_slot\)notebook_17-ac0xxlaptop_17g-br1xxenvy_notebook_13-d1xxzhan_86_pro_g1elite_x2_1013_g3elitebook_x360_1020_g2spectre_x360_convertible_13-ae0xxelitebook_x360_1030_g3envy_x360_convertible_15-dr0xxxzhan_66_pro_13_g2laptop_15-bs6xxenvy_laptop_17-bw0xxxzbook_studio_x360_g5zhan_66_pro_14_g2probook_445_g6elitedesk_800_g3_tower_pcelitedesk_705_g3_desktop_minilaptop_14s-dq0xxxprobook_645_g2notebook_17-ac1xxpavilion_notebook_17-ab4xxprodesk_680_g3_microtower_pczbook_15v_g5_mobile_workstation280_g3_microtower_pcpavilion_notebook_14-al0xxlaptop_14q-by0xxenvy_laptop_13-aq0xxxenvy_x360_convertible_15-ds0xxxprobook_430_g5laptop_15q-dy0xxxelitedesk_800_65w_g4_desktop_mini_pcpavilion_x360_convertible_14-dh0xxxpavilion_notebook_14-av0xxprobook_x360_11_g2laptop_15s-du0xxxnotebook_15-ba1xxnotebook_pc_15-ay0xxelitedesk_800_g2_twrprodesk_400_g4_sffpavilion_notebook_15-au0xxlaptop_17q-cs0xxxspectre_x360_convertible_15-bl0xx340_g5_notebook_pcomen_15-ce0xxlaptop_15g-dx1xxxomen_17-ap0xxelitebook_828_g4elitebook_850_g4pavilion_x360_convertible_14m-ba0xxelitebook_x360_1030_g2engage_go_mobile_system258_g7_notebook_pcenvy_x360_convertible_15-cp0xxxenvy_x2_detachable_12-g0xxlaptop_15-bs7xxlaptop_14-dq0xxxenvy_laptop_13-ah1xxxlaptop_17-bs1xxlaptop_14s-be1xxelitebook_820_g3pavilion_x360_convertible_14-ba0xxlaptop_15-ra1xxelite_x2_1012_g2pavilion_laptop_14-ce2xxxspectre_laptop_13-af1xxenvy_laptop_17-ae0xxpavilion_x360_convertible_13-u0xxpavilion_gaming_laptop_17-cd0xxxlaptop_14-cf1xxxzhan_66_pro_g1envy_notebook_17-u2xxelitebook_836_g5pavilion_notebook_15-au1xxprodesk_400_g4_dmproone_400_g2laptop_17q-bu1xxlaptop_17-ca1xxxnotebook_14-am0xxpavilion_x360_convertible_m1-u1xxomen_15-ax2xxenvy_x360_convertible_15-bq1xxpavilion_x360_convertible_14q-cd0xxxlaptop_14s-cr1xxxprobook_455_g4probook_450_g4laptop_17g-cr1xxxlaptop_14g-br0xxenvy_x360_convertible_13m-ag0xxxlaptop_15q-ds1xxxlaptop_14g-cr1xxxeliteone_800_g4omen_17-w1xxprobook_470_g5pavilion_x360_convertible_11-ad0xxomen_15-ce1xxpavilion_laptop_15-cu0xxxlaptop_15-db1xxxlaptop_14-cm0xxxenvy_x360_convertible_15-bq2xxlaptop_17g-br0xxnotebook_pc_15-ay5xxlaptop_15s-fq0xxxpro_x2_612_g1laptop_15-da0xxxlaptop_14q-cs1xxxnotebook_17-y0xxpavilion_laptop_15-cc6xxelitedesk_880_g2_tower_pcpavilion_15-bc500_laptopprobook_655_g3elitedesk_800_g4_tower_pcnotebook_15-bf0xxpavilion_notebook_17-g2xxlaptop_14-bs6xxpavilion_laptop_14-bf1xxenvy_x360_convertible_15-aq0xxproone_600_g3laptop_15s-dy0xxxlaptop_15-da1xxxpavilion_x360_convertible_m3-s000pavilion_laptop_15-cs2xxxpavilion_x360_convertible_11-ap0xxxlaptop_15s-fr0xxxlaptop_14-ma0xxxlaptop_15-bw0xxpavilion_notebook_15-aw1xxenvy_x360_convertible_15m-ds0xxxpavilion_laptop_15-cc1xxprobook_645_g4laptop_15g-dr1xxxpavilion_laptop_15-cd0xxprobook_x360_11_g1zbook_15_g5notebook_pc_15-bd0xx240_g6_notebook_pcprobook_450_g5pavilion_notebook_15-bc2xxenvy_laptop_17-ae1xx240_g7_notebook_pcpavilion_laptop_14-bk1xxomen_15-dh0xxxelitebook_1040_g4elitebook_735_g5notebook_17-ad0xxprodesk_600_g2_microtower_pcelitedesk_705_g3_sff_pcpavilion_x360_convertible_15-bk0xxprobook_470_g3laptop_17q-cs1xxxenvy_x360_convertible_15-ar0xxenvy_x360_convertible_15-cn1xxxengage_flex_pro-c_retail_systempavilion_x360_convertible_13-u1xxspectre_x360_convertible_13-ac0xxspectre_pro_13_g1_notebook_pcpavilion_laptop_15-cw0xxxelitebook_848_g4omen_17-w2xxprobook_640_g2pavilion_laptop_13-an0xxxprobook_440_g5probook_430_g6laptop_17q-bu0xxlaptop_14s-cf0xxx245_g6_notebook_pcstream_11_pro_g4_notebook_pcelite_x2_1012_g1laptop_14-bp0xxlaptop_14s-cf1xxxprobook_440_g4probook_450_g6pavilion_notebook_17-g1xxproone_480_g3zbook_15_g4245_g7_notebook_pcenvy_laptop_13-ad1xxlaptop_14-ck1xxxjumpstartlaptop_15q-bu0xxlaptop_14g-bx0xxspectre_notebook_13-v0xxHP Jumpstart
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-47761
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 15:52
Updated-16 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.

Action-Not Available
Vendor-Millegpg
Product-MilleGPG5
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-0486
Matching Score-4
Assigner-Fidelis Security, LLC
ShareView Details
Matching Score-4
Assigner-Fidelis Security, LLC
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 32.54%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:32
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privileged Command Injection Vulnerability in Fidelis Network and Deception

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.

Action-Not Available
Vendor-fidelissecurityFidelis Cybersecurity
Product-deceptionnetworkFidelis DeceptionFidelis Network
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-47040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.39%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.

Action-Not Available
Vendor-n/aAskey Computer Corp.
Product-rtf3505vw-n1rtf3505vw-n1_firmwaren/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-4569
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.66%
||
7 Day CHG+0.01%
Published-05 Jun, 2023 | 20:59
Updated-08 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_hybrid_usb-c_with_usb-a_dockthinkpad_hybrid_usb-c_with_usb-a_dock_firmwareThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-45153
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7||HIGH
EPSS-0.15% / 35.10%
||
7 Day CHG-0.01%
Published-15 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_module_for_sap_applicationslinux_enterprise_serverleapSUSE Linux Enterprise Module for SAP Applications 15-SP1openSUSE Leap 15.4SUSE Linux Enterprise Server for SAP 12-SP5
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-45452
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.49%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 09:21
Updated-22 Jan, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectwindowsagentAcronis Cyber Protect 15Acronis Agent
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-11097
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 21:08
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trusted_execution_engine_firmwareIntel(R) Management Engine
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-43701
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 21:28
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure directory permissions on installer files

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Action-Not Available
Vendor-Arm Limited
Product-ds_development_studiolinaro_forgearm_compilerfast_modelsmbed_studioarm_compiler_for_embedded_fusaarm_mobile_studioarm_development_studioarm_compiler_for_functional_safetygnu_toolchainkeil_mdkArm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-43702
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 21:47
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete verification of installation file signature

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Action-Not Available
Vendor-Arm Limited
Product-ds_development_studioarm_compilerfast_modelsarm_compiler_for_embedded_fusaarm_development_studioarm_compiler_for_functional_safetyArm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2019-10679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.27%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 14:40
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.

Action-Not Available
Vendor-thomsonreutersn/a
Product-eikonn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13540
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.05% / 14.34%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 15:43
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.

Action-Not Available
Vendor-win911n/a
Product-win-911Win-911
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-9401
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.96%
||
7 Day CHG-0.00%
Published-17 Jan, 2025 | 23:17
Updated-10 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40154
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.64%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-23 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow privillaged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR for Gameplay Softwaresystem_usage_report
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-29570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 00:00
Updated-20 Aug, 2025 | 02:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc.

Action-Not Available
Vendor-szlbtn/a
Product-lbt-t300-t400_firmwarelbt-t300-t400n/a
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • Next
Details not found