CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-43702 – Incomplete verification of installation file signature
https://notcve.org/view.php?id=CVE-2022-43702
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. • https://developer.arm.com/documentation/ka005596/latest https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-43701 – Insecure directory permissions on installer files
https://notcve.org/view.php?id=CVE-2022-43701
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. • https://developer.arm.com/documentation/ka005596/latest https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-24658
https://notcve.org/view.php?id=CVE-2020-24658
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. • https://developer.arm.com/support/arm-security-updates/arm-compiler-5-stack-protection • CWE-770: Allocation of Resources Without Limits or Throttling CWE-787: Out-of-bounds Write •