Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21938

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-12 Nov, 2024 | 17:14
Updated At-13 Nov, 2024 | 20:39
Rejected At-
Credits

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:12 Nov, 2024 | 17:14
Updated At:13 Nov, 2024 | 20:39
Rejected At:
▼CVE Numbering Authority (CNA)

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Management Plug-In for SCCM
Default Status
unaffected
Versions
Affected
  • From 0 before 7.0.0.1318 (software)
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9005.html
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9005.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Advanced Micro Devices, Inc.amd
Product
management_plugin_for_sccm
CPEs
  • cpe:2.3:a:amd:management_plugin_for_sccm:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 7.0.0.1318 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:12 Nov, 2024 | 18:15
Updated At:18 Dec, 2024 | 19:00

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Advanced Micro Devices, Inc.
amd
>>management_plugin_for_sccm>>Versions before 7.0.0.1318(exclusive)
cpe:2.3:a:amd:management_plugin_for_sccm:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Secondarypsirt@amd.com
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Secondary
Source: psirt@amd.com
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9005.htmlpsirt@amd.com
Vendor Advisory
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9005.html
Source: psirt@amd.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

435Records found
CVE-2020-12931
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xradeon_pro_w5500xamd_3020e_firmwareryzen_5_3580uryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3250cryzen_3_3100_firmwareamd_3015eryzen_9_3900xradeon_rx_5300ryzen_9_5900x_firmwareryzen_5_pro_3350ge_firmwareryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_5_3600xt_firmwareryzen_3_5300geryzen_3_2300uryzen_5_3600x_firmwareryzen_7_3750h_firmwareryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xradeon_rx_5700mamd_3020eryzen_threadripper_pro_3975wxathlon_pro_3145bryzen_5_5560uryzen_3_2200g_firmwareradeon_rx_5700ryzen_threadripper_pro_5945wxryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_5_2500u_firmwareradeon_rx_5700_xtryzen_3_3100ryzen_3_pro_3200gryzen_7_3750hradeon_rx_5500mryzen_7_5700u_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_3200gryzen_7_3780uryzen_9_5900hsryzen_3_2200uryzen_3_3250c_firmwareryzen_7_5700gryzen_9_5980hsryzen_5_2400geryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xenterprise_driverradeon_pro_softwareryzen_5_2600hryzen_5_3500uradeon_rx_5600mryzen_5_5500ryzen_7_2700uryzen_3_5400uradeon_softwareathlon_pro_3045bryzen_7_2800hryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900athlon_silver_3050c_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_3_5300gryzen_9_5900ryzen_5_pro_3350gryzen_5_5600ge_firmwareryzen_9_5980hs_firmwareryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_3400g_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_3_3350u_firmwareryzen_threadripper_pro_5955wxradeon_rx_5600_xtryzen_5_5600h_firmwareryzen_5_5500uryzen_3_5400u_firmwareathlon_silver_3050cryzen_7_5800ryzen_3_3300u_firmwareryzen_7_3800xryzen_5_2400ge_firmwareryzen_5_2400gryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_3_2200geryzen_5_3500cryzen_3_3300x_firmwareryzen_5_5600hryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_3_5300u_firmwareryzen_3_3300uryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareryzen_5_5600gryzen_5_3600xtryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareryzen_5_5600uryzen_threadripper_pro_5975wxathlon_pro_3045b_firmwareryzen_3_2300u_firmwareradeon_rx_5500radeon_pro_w5700ryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareryzen_5_5600geradeon_rx_5300_xtryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_7_2700u_firmwareryzen_5_pro_3400gryzen_7_5700geryzen_5_3450uryzen_3_2200ge_firmwareathlon_pro_3145b_firmwareryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_5_pro_3350geryzen_threadripper_pro_3945wx_firmwareamd_3015ce_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_3_3200g_firmwareryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_9_3950x_firmwareryzen_threadripper_pro_3995wxradeon_rx_5300mradeon_pro_w5700xryzen_7_3700c_firmwareryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_threadripper_pro_3955wxradeon_rx_5500_xtryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_3700uathlon_silver_3050uryzen_3_3350uryzen_5_3500_firmwareryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_5_5560u_firmwareamd_3015ceryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_7_5800uryzen_9_5900hxathlon_gold_3150cryzen_3_3250uryzen_5_5600g_firmwareryzen_5_2400g_firmwareathlon_gold_3150u_firmwareradeon_pro_w5500ryzen_5_pro_3400geryzen_9_3950xradeon_rx_5600ryzen_5_5600ryzen_threadripper_3970xryzen_5_3500ryzen_7_5800hryzen_5_3450u_firmwareamd_3015e_firmwareryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_5_pro_3400ge_firmwareryzen_7_5800hs_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_7_5700uryzen_7_5700ge_firmwareryzen_7_5700xAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Ryzen(TM) Embedded R1000AMD Ryzen(TM) Embedded R2000AMD Ryzen(TM) Embedded V1000AMD Ryzen(TM) Embedded 5000
CVE-2020-12964
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.62%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 14:51
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_softwareAMD Radeon Software
CVE-2020-12961
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:13
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7002_firmwareepyc_7313epyc_7663_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7532epyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12980
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:49
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12944
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.53%
||
7 Day CHG-0.01%
Published-16 Nov, 2021 | 18:17
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7443_firmwareepyc_7402pepyc_7451epyc_7261epyc_7282_firmwareepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7f32epyc_7542_firmwareepyc_7551_firmwareepyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7351p_firmwareepyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7601epyc_7302epyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7371epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7551epyc_7281epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7401epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7261_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7301_firmwareepyc_73f3Athlon™ SeriesRyzen™ Series
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12900
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.62%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:27
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CVE-2020-12928
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-9.44% / 92.49%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 21:12
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.
Product-ryzen_masterAMD Ryzen Master
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2020-12903
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.62%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:44
Updated-17 Sep, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12927
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.37%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 19:09
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.
Product-vbios_flash_tool_software_development_kitAMD VBIOS Flash Tool SDK
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2020-12982
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:49
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2020-12898
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 18:58
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12893
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:45
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12986
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:50
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31361
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.06%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 20:07
Updated-12 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AIM-T (AMD Integrated Management Technology) software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-26323
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:14
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7713pepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7232p_firmwareepyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7413_firmwareepyc_7232pepyc_7643epyc_72f3epyc_7643_firmwareepyc_7663epyc_75f3epyc_72f3_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7453_firmwareepyc_7343_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26353
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.18%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 18:33
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7713pepyc_7573xepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7373xepyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7773xepyc_7413_firmwareepyc_72f3epyc_7643epyc_7643_firmwareepyc_7663epyc_7773x_firmwareepyc_75f3epyc_72f3_firmwareepyc_7373x_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7473xepyc_7453_firmwareepyc_7343_firmwareepyc_7473x_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen EPYC
CWE ID-CWE-665
Improper Initialization
CVE-2021-26324
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.60%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 18:27
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7713pepyc_7573xepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7373xepyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7773xepyc_7413_firmwareepyc_72f3epyc_7643epyc_7643_firmwareepyc_7663epyc_7773x_firmwareepyc_75f3epyc_72f3_firmwareepyc_7373x_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7473xepyc_7453_firmwareepyc_7343_firmwareepyc_7473x_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYC™
CVE-2021-26386
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.27%
||
7 Day CHG-0.01%
Published-12 May, 2022 | 18:28
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_5800x_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_5600gryzen_9_3900xryzen_5_2500uryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_3_2300uryzen_7_5825uryzen_7_5825u_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_threadripper_pro_3975wxryzen_5900xryzen_5_5560uryzen_5300ge_firmwareryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareryzen_5700gryzen_3_3100ryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_5300g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_7_5800h_firmwareryzen_3_3300xryzen_7_3700xryzen_threadripper_pro_5965wx_firmwareryzen_5_5625c_firmwareryzen_5950x_firmwareryzen_5_2600hryzen_5_5625cryzen_7_2700uryzen_3_5400uryzen_5_3450g_firmwareryzen_7_2800hryzen_threadripper_3990x_firmwareryzen_5_2600x_firmwareryzen_5700g_firmwareryzen_5_5600x_firmwareryzen_7_3700x_firmwareryzen_5900x_firmwareryzen_9_5980hs_firmwareryzen_5300gryzen_5700geryzen_threadripper_3990xryzen_5_5600hs_firmwareryzen_5800x3d_firmwareryzen_5_3400g_firmwareryzen_7_2700_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_7_3800xryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_5600x_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_3_5425cryzen_3_5425u_firmwareryzen_3_3300g_firmwareryzen_5_3450gryzen_5600geryzen_5_5600uryzen_threadripper_pro_5975wxryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_5600ge_firmwareryzen_threadripper_2970wxryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_5600g_firmwareryzen_3_5125cryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_5_5700gryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_5800xryzen_9_3950x_firmwareryzen_5700ge_firmwareryzen_threadripper_pro_3995wxryzen_7_2700xryzen_5_5700g_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_3_5425uryzen_5_5700ge_firmwareryzen_threadripper_pro_3955wx_firmwareryzen_5600xryzen_5300geryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5825cryzen_5950xryzen_5_2600h_firmwareryzen_7_5800uryzen_threadripper_pro_5965wxryzen_9_5900hxryzen_5800x3dryzen_9_3950xryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_3_3300gryzen_7_5800hryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareAthlon™ SeriesRyzen™ Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26316
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.13%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 19:46
Updated-09 Apr, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7543epyc_7402athlon_silver_3050u_firmwareathlon_silver_3050e_firmwareathlon_3150g_firmwareepyc_7f32epyc_7713pepyc_7443epyc_7513ryzen_9_5900x_firmwareathlon_silver_pro_3125ge_firmwareryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxepyc_7453ryzen_3_5300geryzen_3_2300uryzen_5_5600hsathlon_gold_pro_3150gryzen_7_5825uryzen_7_5825u_firmwareepyc_7542athlon_silver_pro_3125geepyc_7413_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_2950xryzen_threadripper_pro_3975wxathlon_pro_3145bepyc_7002epyc_7643_firmwareryzen_3_2200g_firmwareepyc_7f52ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareepyc_7f32_firmwareathlon_silver_3050geepyc_75f3_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_2200uryzen_7_5700gryzen_threadripper_2920xryzen_5_2400geryzen_7_5825c_firmwareepyc_7573x_firmwareryzen_5_2600ryzen_7_2700x_firmwareryzen_5_2600hryzen_5_pro_2500uryzen_5_5500ryzen_3_5400uathlon_gold_pro_3150geepyc_7713ryzen_5_5600_firmwareepyc_7003athlon_gold_3150geryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_5800x3dryzen_5_5600ge_firmwareryzen_7_2700_firmwareathlon_3150ge_firmwareryzen_5_2700xryzen_5_5600h_firmwareryzen_5_2600_firmwareryzen_7_5800ryzen_5_2400ge_firmwareryzen_5_2400gryzen_3_pro_2300u_firmwareryzen_9_5950xryzen_pro_5650ge_firmwareryzen_5_5500_firmwareepyc_7743ryzen_3_2200geepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareryzen_5_pro_2500u_firmwareryzen_threadripper_pro_5945wx_firmwareepyc_7313p_firmwareepyc_7252epyc_7502pryzen_5_5600uathlon_pro_3045b_firmwareryzen_5_5600geryzen_7_2700u_firmwareryzen_pro_2400geryzen_7_2800h_firmwareryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareepyc_72f3_firmwareepyc_7662epyc_7642ryzen_threadripper_pro_5975wx_firmwareryzen_pro_5350ge_firmwareepyc_7502p_firmwareepyc_7413ryzen_7_2700xryzen_pro_2400g_firmwareepyc_7313ryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxepyc_7302pryzen_pro_2400gepyc_74f3_firmwareathlon_silver_3050uryzen_3_5425uepyc_7763ryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareryzen_7_5825cryzen_7_5800uryzen_pro_5650gryzen_5_5600g_firmwareryzen_5_2400g_firmwareryzen_7_pro_2700u_firmwareepyc_7402p_firmwareryzen_threadripper_2990wxryzen_5_5600ryzen_3_5425c_firmwareryzen_7_5800hepyc_7543pepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareathlon_gold_3150ge_firmwareryzen_pro_5750gryzen_7_5700uryzen_7_5700ge_firmwareathlon_3150geathlon_gold_pro_3150ge_firmwareepyc_7502_firmwareryzen_5_2700x_firmwareepyc_7262_firmwareepyc_7282_firmwareepyc_7272_firmwareepyc_7573xryzen_threadripper_2950x_firmwareepyc_7232p_firmwareepyc_7702ryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_pro_5750geepyc_7373xepyc_7513_firmwareryzen_pro_5650geryzen_5_5700geepyc_7h12_firmwareryzen_5_5560uepyc_75f3ryzen_pro_5650g_firmwareepyc_7743_firmwareepyc_7f72_firmwareepyc_7662_firmwareepyc_7502ryzen_7_5700u_firmwareepyc_7343_firmwareryzen_9_5900hsepyc_7313pepyc_7002_firmwareathlon_silver_3050ge_firmwareryzen_9_5980hsryzen_3_5125c_firmwareryzen_5_5500u_firmwareryzen_7_2700ryzen_7_5800h_firmwareryzen_pro_5750g_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_5_5625c_firmwareepyc_7352ryzen_5_5625cryzen_pro_5350gepyc_7713_firmwareepyc_7742epyc_7272ryzen_7_2700uathlon_pro_3045bepyc_7003_firmwareepyc_7443p_firmwareryzen_7_2800hryzen_7_5800xathlon_3150gepyc_7773xathlon_silver_3050c_firmwareryzen_5_2600x_firmwareryzen_3_5300gryzen_9_5900ryzen_pro_2200ge_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_threadripper_pro_5955wxryzen_pro_2200gryzen_5_5500uryzen_3_5400u_firmwareryzen_pro_2400ge_firmwareepyc_7742_firmwareathlon_silver_3050cryzen_threadripper_pro_3795wxathlon_3050ge_firmwareryzen_pro_5350g_firmwareryzen_threadripper_2990wx_firmwareryzen_7_pro_2700uryzen_5_5600hryzen_3_5300u_firmwareepyc_7763_firmwareryzen_3_5300uryzen_3_5425cryzen_5_5600gryzen_3_5425u_firmwareathlon_3050geryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7h12epyc_7452ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_3_5300ge_firmwareryzen_5_2600xryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_7_5700geepyc_7302athlon_pro_3145b_firmwareryzen_3_2200ge_firmwareryzen_3_5125cryzen_pro_5750ge_firmwareepyc_7232pryzen_5_5700gepyc_7663ryzen_5_5600u_firmwareepyc_7552_firmwareepyc_7773x_firmwareepyc_7f72ryzen_7_5700g_firmwareryzen_threadripper_2970wx_firmwareryzen_pro_2200geepyc_7532_firmwareryzen_threadripper_pro_3995wxryzen_5_5700g_firmwareryzen_pro_5350geryzen_3_5300g_firmwareryzen_7_5800u_firmwareepyc_7552epyc_7702p_firmwareryzen_5_5700ge_firmwareepyc_7302_firmwareryzen_5_5560u_firmwareepyc_73f3_firmwareepyc_7702pepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_pro_2200g_firmwareryzen_9_5900hxathlon_gold_pro_3150g_firmwareathlon_gold_3150cepyc_72f3epyc_7643athlon_gold_3150u_firmwareepyc_7452_firmwareepyc_7313_firmwareryzen_3_pro_2300uepyc_7443pryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_5_5625u_firmwareryzen_7_5700xepyc_73f31st Gen EPYC 3rd Gen EPYCRyzen 5000 Series Ryzen 3000 SeriesRyzen 2000 Series2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26392
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.32%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-16 Sep, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xradeon_pro_w5500xamd_3020e_firmwareryzen_5_3580uradeon_rx_vega_64ryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3250cradeon_rx_6600ryzen_3_3100_firmwareamd_3015eryzen_9_3900xradeon_rx_5300ryzen_9_5900x_firmwareryzen_5_pro_3350ge_firmwareradeon_rx_vega_56ryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_5_3600xt_firmwareryzen_3_5300geryzen_3_2300uryzen_5_3600x_firmwareryzen_7_3750h_firmwareradeon_rx_6700sryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xradeon_rx_5700mamd_3020eryzen_threadripper_pro_3975wxathlon_pro_3145bryzen_5_5560uryzen_3_2200g_firmwareradeon_rx_5700ryzen_threadripper_pro_5945wxryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_5_2500u_firmwareradeon_rx_5700_xtryzen_3_3100ryzen_3_pro_3200gryzen_7_3750hradeon_rx_5500mryzen_7_5700u_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_3200gryzen_7_3780uryzen_9_5900hsryzen_3_2200uradeon_rx_6500_xtryzen_3_3250c_firmwareradeon_rx_6950_xtryzen_7_5700gryzen_9_5980hsryzen_5_2400geryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xenterprise_driverradeon_pro_softwareryzen_5_2600hryzen_5_3500uradeon_rx_5600mryzen_5_5500ryzen_7_2700uryzen_3_5400uradeon_softwareathlon_pro_3045bryzen_7_2800hryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hradeon_rx_6700ryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900radeon_rx_6400radeon_rx_6800athlon_silver_3050c_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_3_5300gryzen_9_5900ryzen_5_pro_3350gryzen_5_5600ge_firmwareryzen_9_5980hs_firmwareryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_3400g_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_3_3350u_firmwareradeon_pro_w6800xradeon_rx_5600_xtryzen_threadripper_pro_5955wxryzen_5_5500uryzen_3_5400u_firmwareryzen_5_5600h_firmwareathlon_silver_3050cryzen_7_5800ryzen_3_3300u_firmwareradeon_rx_6600sryzen_7_3800xryzen_5_2400ge_firmwareryzen_5_2400gradeon_rx_6800sryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_3_2200geryzen_5_3500cryzen_3_3300x_firmwareryzen_5_5600hryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_3_5300u_firmwareryzen_3_3300uryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareradeon_rx_6900_xtryzen_5_5600gryzen_5_3600xtryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareradeon_pro_w6400ryzen_5_5600uryzen_threadripper_pro_5975wxathlon_pro_3045b_firmwareryzen_3_2300u_firmwareradeon_rx_5500radeon_pro_w5700ryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareryzen_5_5600geradeon_rx_5300_xtryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_7_2700u_firmwareryzen_5_pro_3400gryzen_7_5700geryzen_5_3450uradeon_rx_6850m_xtryzen_3_2200ge_firmwareradeon_rx_6600_xtradeon_rx_6650_xtryzen_7_3800x_firmwareathlon_pro_3145b_firmwareryzen_7_2800h_firmwareryzen_5_pro_3350geradeon_pro_w6600mryzen_7_5700uradeon_pro_w6600xryzen_threadripper_pro_3945wx_firmwareamd_3015ce_firmwareryzen_9_5900hs_firmwareradeon_pro_w6600ryzen_5_5600u_firmwareryzen_5_3600xryzen_3_3200g_firmwareradeon_rx_6800_xtryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_9_3950x_firmwareradeon_pro_w6900xryzen_threadripper_pro_3995wxradeon_rx_5300mradeon_pro_w6800radeon_rx_6600mradeon_pro_w5700xryzen_7_3700c_firmwareradeon_rx_6750_xtryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_threadripper_pro_3955wxradeon_rx_5500_xtryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_3700uathlon_silver_3050uryzen_3_3350uryzen_5_3500_firmwareryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareradeon_rx_6300mamd_3015ceryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareradeon_rx_6800mryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxradeon_rx_vega_56_firmwareradeon_rx_vega_64_firmwareryzen_7_5800uryzen_9_5900hxradeon_pro_w6800x_duoradeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6700_xtryzen_5_5600g_firmwareathlon_gold_3150cradeon_rx_6700mryzen_3_3250uryzen_5_2400g_firmwareathlon_gold_3150u_firmwareradeon_pro_w5500ryzen_5_pro_3400geryzen_9_3950xradeon_rx_5600ryzen_5_5600ryzen_threadripper_3970xryzen_5_3500ryzen_7_5800hradeon_pro_w6500mryzen_5_3450u_firmwareamd_3015e_firmwareryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_5_pro_3400ge_firmwareryzen_7_5800hs_firmwareryzen_threadripper_pro_5995wx_firmwareradeon_pro_w6300mradeon_rx_6500mryzen_7_5700ge_firmwareryzen_7_5700xAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Ryzen™ Embedded V2000AMD Ryzen™Embedded V3000AMD Ryzen™ Embedded V1000AMD Ryzen™ Embedded 5000AMD Radeon RX 6000 Series & PRO W6000 SeriesAMD Ryzen™ Embedded R2000AMD Ryzen™ Embedded R1000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53835
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.58%
||
7 Day CHG~0.00%
Published-03 Jan, 2025 | 03:28
Updated-03 Jan, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-52926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.00%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 00:00
Updated-06 Jan, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.

Action-Not Available
Vendor-Delineadelinea_privilege_manager
Product-Privilege Managerdelinea_privilege_manager
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-49744
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.56%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 23:04
Updated-22 Apr, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-47016
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.74%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 10:34
Updated-25 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.22%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 06:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.

Action-Not Available
Vendor-automoxn/aMicrosoft Corporation
Product-windowsautomoxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42011
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.64%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 22:46
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.

Action-Not Available
Vendor-n/aBarracuda Networks, Inc.
Product-network_access_clientn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-41614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR.

Action-Not Available
Vendor-openriscn/a
Product-mor1kx_firmwaremor1kxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-26077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 00:00
Updated-24 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

Action-Not Available
Vendor-ateran/aateraMicrosoft Corporation
Product-windowsateran/aatera
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13554
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.18%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:14
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/scadaAdvantech
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-43114
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 12:48
Updated-11 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13549
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 16:54
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.

Action-Not Available
Vendor-sytechn/a
Product-xlreporterSytech
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-12354
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.86%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:07
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_software_development_kitIntel(R) AMT SDK
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-43081
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-17 Dec, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-43089
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.65%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-17 Dec, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-862
Missing Authorization
CVE-2017-14425
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.28%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-850l_firmwaredir-850ln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-43085
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.63%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-18 Dec, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-43765
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.48%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 23:04
Updated-22 Apr, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-43791
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 14:39
Updated-12 Sep, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RequestStore has Incorrect Default Permissions

RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.

Action-Not Available
Vendor-steveklabniksteveklabniksteveklabnik
Product-request_storerequest_storerequest_store
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-43769
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 23:58
Updated-21 Apr, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-14424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.28%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-850l_firmwaredir-850ln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-38420
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.98%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 19:05
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dialinkDIALink
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-37000
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.02% / 2.36%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:47
Updated-18 Mar, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei wearables have a permission management vulnerability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-255
Not Available
CVE-2017-14427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.28%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-850l_firmwaredir-850ln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-36795
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.99%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 16:58
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges.

Action-Not Available
Vendor-n/aCohesity, Inc.
Product-linux_agentn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-40660
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.32%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-17 Dec, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3579
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 13:50
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.

Action-Not Available
Vendor-Bitdefender
Product-total_securityendpoint_security_toolsENdpoint Security Tools for WindowsTotal Security
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4706
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2005-1941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-14 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

Action-Not Available
Vendor-silvercity_projectn/a
Product-silvercityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3462
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.85%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 20:41
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l15_gen_1thinkpad_x13_yoga_gen_1thinkpad_a275thinkpad_e15thinkpad_x1_yoga_gen_2thinkpad_p17_gen_1thinkpad_x380_yogathinkpad_a485thinkpad_25thinkpad_s2_yoga_gen_5thinkpad_e490thinkpad_s2_gen_2thinkpad_p53sthinkpad_t480sthinkpad_t570thinkpad_s1_gen_4thinkpad_x13_yoga_gen_2thinkpad_t14s_gen_1thinkpad_t490thinkpad_p51sthinkpad_e14_gen2thinkpad_t590thinkpad_x390_yogathinkpad_p53thinkpad_x13_gen_2ithinkpad_e575thinkpad_r14_gen_2thinkpad_e14thinkpad_x1_yoga_gen_6thinkpad_e570thinkpad_l590thinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_carbon_gen_5thinkpad_p14s_gen_1thinkpad_p52thinkpad_p43sthinkpad_a475thinkpad_l480thinkpad_e475power_management_driverthinkpad_x1_titanium_gen_1thinkpad_s5_gen_2thinkpad_e15_gen2thinkpad_t14_gen_2thinkpad_x1_yoga_gen_4thinkpad_13_gen_2thinkpad_e495thinkpad_s2_yoga_gen_6thinkpad_x1_carbon_gen_8thinkpad_x270thinkpad_l580thinkpad_a285thinkpad_e580thinkpad_p1_gen_3thinkpad_p1thinkpad_l14_gen_2thinkpad_x1_tablet_gen_2thinkpad_l13_gen_2thinkpad_x280thinkpad_p71thinkpad_t15_gen_1thinkpad_x390thinkpad_s3_gen_2thinkpad_p1_gen_2thinkpad_t15g_gen_1thinkpad_x1_yoga_gen_3thinkpad_11e_yoga_gen_6thinkpad_r14thinkpad_yoga_370thinkpad_l470thinkpad_x1_carbon_gen_7thinkpad_x395thinkpad_l15_gen_2thinkpad_t470thinkpad_p15v_gen_1thinkpad_l390thinkpad_e570cthinkpad_l380thinkpad_t580thinkpad_l14_gen_1thinkpad_l390_yogathinkpad_r480thinkpad_x1_extremethinkpad_e480thinkpad_l490thinkpad_11e_gen_5thinkpad_l380_yogathinkpad_p51thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_t15p_gen_1thinkpad_s2_gen_5thinkpad_x1_tablet_gen_3thinkpad_x1_extreme_gen_3thinkpad_l13_yoga_gen_1thinkpad_e590thinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_t15_gen_2thinkpad_t470pthinkpad_x12thinkpad_l13_gen_1thinkpad_x13_gen_1thinkpad_t14s_gen_2ithinkpad_e470cthinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_e595thinkpad_x1_carbon_gen_9thinkpad_t495thinkpad_p14s_gen_2thinkpad_l13_yogathinkpad_p15s_gen_2thinkpad_p15_gen_1thinkpad_t480thinkpad_p15s_gen_1thinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_x1_carbon_gen_6thinkpad_yoga_11e_gen_5thinkpad_x1_yoga_gen_5Power Management Driver for Windows 10
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found