Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-44833 1Amazon 1Aws Opensearch Nov 21, 2024 Dec 12, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
CVE-2021-21957 1Dreamreport 1Remote Connector Nov 21, 2024 Dec 8, 2021 N/A· v4 7.3 HIGH· v3 6.8 MEDIUM· v2 A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can p...Show more A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-42711 1Barracuda 1Network Access Client Nov 21, 2024 Dec 1, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.
CVE-2021-31822 1Octopus 1Tentacle Nov 21, 2024 Nov 24, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to g...Show more When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.Show less
CVE-2021-44140 1Apache 1Jspwiki Nov 21, 2024 Nov 24, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running t...Show more Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.Show less
CVE-2021-37030 1Huawei 2Emui Magic Ui Nov 21, 2024 Nov 23, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is an Improper permission vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.
CVE-2021-33071 1Intel 1Oneapi Rendering Toolkit Nov 21, 2024 Nov 17, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-33062 1Intel 1Vtune Profiler Nov 21, 2024 Nov 17, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-0065 1Intel 137265 Firmware 9260 FirmwareAc 3165 Firmware+10 more Nov 21, 2024 Nov 17, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-8741 1Intel 1Thunderbolt Non Dch Driver Nov 21, 2024 Nov 17, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-33092 1Intel 1Nuc M15 Laptop Kit Hid Event Filter Driver Pack Nov 21, 2024 Nov 17, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via l...Show more Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2021-33090 1Intel 1Nuc Hdmi Firmware Update Tool Nov 21, 2024 Nov 17, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable es...Show more Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2021-33088 1Intel 1Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack Nov 21, 2024 Nov 17, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege...Show more Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2021-3720 1Lenovo 2Legion Phone2 Pro (l70081) Firmware Legion Phone Pro (l79031)firmware Nov 21, 2024 Nov 12, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
CVE-2021-43199 1Jetbrains 1Teamcity Nov 21, 2024 Nov 9, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2021-38420 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious f...Show more Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.Show less
CVE-2021-3579 1Bitdefender 2Endpoint Security Tools Total Security Nov 21, 2024 Oct 28, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate pri...Show more Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.Show less
CVE-2021-36990 1Huawei 2Emui Magic Ui Nov 21, 2024 Oct 28, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36989 1Huawei 2Emui Magic Ui Nov 21, 2024 Oct 28, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-22475 1Huawei 2Emui Magic Ui Nov 21, 2024 Oct 28, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 There is an Improper permission management vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Previous 1...505152...76 Next