Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-38379 1Northern.tech 1Cfengine Nov 21, 2024 Oct 27, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.
CVE-2021-37363 1Gestionaleopen 1Gestionale Open Nov 21, 2024 Oct 26, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attack...Show more An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.Show less
CVE-2021-42011 1Trendmicro 1Apex One Nov 21, 2024 Oct 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker...Show more An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2021-40123 1Cisco 1Identity Services Engine Nov 21, 2024 Oct 21, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restri...Show more A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted.Show less
CVE-2021-42055 1Asus 1Ux582lr Firmware Nov 21, 2024 Oct 18, 2021 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
CVE-2021-42098 1Devolutions 1Remote Desktop Manager Nov 21, 2024 Oct 18, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.
CVE-2021-29005 1Rconfig 1Rconfig Nov 21, 2024 Oct 11, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on ser...Show more Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.Show less
CVE-2021-39886 1Gitlab 1Gitlab Nov 21, 2024 Oct 5, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.
CVE-2021-33923 1Confluent 1Cp Ansible Nov 21, 2024 Sep 29, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database).
CVE-2021-36365 1Nagios 1Nagios Xi Nov 21, 2024 Sep 28, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
CVE-2021-36363 1Nagios 1Nagios Xi Nov 21, 2024 Sep 28, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
CVE-2021-20037 1Sonicwall 1Global Vpn Client Nov 21, 2024 Sep 21, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This...Show more SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.Show less
CVE-2021-1832 1Apple 6Ipados Iphone OsMac Os X+3 more Nov 21, 2024 Sep 8, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improv...Show more Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.Show less
CVE-2021-1831 1Apple 2Ipados Iphone Os Nov 21, 2024 Sep 8, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.
CVE-2021-30750 1Apple 1Macos Nov 21, 2024 Sep 8, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts.
CVE-2021-31007 1Apple 5Ipados Iphone OsMacos+2 more Nov 21, 2024 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be...Show more Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.Show less
CVE-2021-31006 1Apple 3Macos TvosWatchos Nov 21, 2024 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.
CVE-2021-31000 1Apple 5Ipados Iphone OsMacos+2 more Nov 21, 2024 Aug 24, 2021 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact info...Show more A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.Show less
CVE-2021-30999 1Apple 2Ipados Iphone Os Nov 21, 2024 Aug 24, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history.
CVE-2021-39274 1Xerosecurity 1Sn1per Nov 21, 2024 Aug 19, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This resu...Show more In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges.Show less

Previous 1...515253...76 Next