CWE-276

1,508 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS

Vendors (1): Xerosecurity
Products (1): Sn1per
Updated: Nov 21, 2024
Published: Aug 19, 2021
CVSS: N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2)
In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

Vendors (1): Nagios
Products (1): Nagios Xi
Updated: Nov 21, 2024
Published: Aug 13, 2021
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.

Vendors (1): Gestionaleamica
Products (1): Amica Prodigy
Updated: Nov 21, 2024
Published: Aug 6, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.

Vendors (1): Cohesity
Products (1): Linux Agent
Updated: Nov 21, 2024
Published: Aug 6, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 4.4 MEDIUM (v2)
A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged Linux user, if certain environment criteria are met, can gain additional privileges.

Vendors (1): Huawei
Products (1): Harmonyos
Updated: Nov 21, 2024
Published: Aug 6, 2021
CVSS: N/A (v4), 5.5 MEDIUM (v3), 2.1 LOW (v2)
A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.

Vendors (1): Trendmicro
Products (2): Apex One, Officescan
Updated: Nov 21, 2024
Published: Aug 4, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendors (1): Liferay
Products (2): Digital Experience Platform, Liferay Portal
Updated: May 13, 2025
Published: Aug 3, 2021
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.

Vendors (1): Liferay
Products (2): Digital Experience Platform, Liferay Portal
Updated: May 13, 2025
Published: Aug 3, 2021
CVSS: N/A (v4), 6.3 MEDIUM (v3), 6.5 MEDIUM (v2)
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.

Vendors (1): Liferay
Products (2): Digital Experience Platform, Liferay Portal
Updated: May 13, 2025
Published: Aug 3, 2021
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled.

Vendors (1): Liferay
Products (2): Digital Experience Platform, Liferay Portal
Updated: May 13, 2025
Published: Aug 3, 2021
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

Vendors (1): Dell
Products (2): Emc Isilon Onefs, Emc Powerscale Onefs
Updated: Nov 21, 2024
Published: Jul 29, 2021
CVSS: N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2)
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.

Vendors (1): Dell
Products (2): Emc Isilon Onefs, Emc Powerscale Onefs
Updated: Nov 21, 2024
Published: Jul 28, 2021
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.

Vendors (1): Dell
Products (1): Emc Powerstore
Updated: Nov 21, 2024
Published: Jul 19, 2021
CVSS: N/A (v4), 4.4 MEDIUM (v3), 2.1 LOW (v2)
Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory.

Vendors (1): Acronis
Products (1): True Image
Updated: Nov 21, 2024
Published: Jul 15, 2021
CVSS: N/A (v4), 6.7 MEDIUM (v3), 7.2 HIGH (v2)
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Jul 14, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 4.6 MEDIUM (v2)
In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11; Android ID: A-171430330

Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Jul 14, 2021
CVSS: N/A (v4), 7.3 HIGH (v3), 4.4 MEDIUM (v2)
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-174495520

Vendors (1): Solarwinds
Products (1): Dameware Mini Remote Control
Updated: Nov 21, 2024
Published: Jul 13, 2021
CVSS: N/A (v4), 9.1 CRITICAL (v3), 9.4 HIGH (v2)
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

Vendors (1): Nextcloud
Products (1): Nextcloud Server
Updated: Nov 21, 2024
Published: Jul 12, 2021
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

Vendors (1): Hms Networks
Products (1): Ecatcher
Updated: Nov 21, 2024
Published: Jul 9, 2021
CVSS: N/A (v4), 6.1 MEDIUM (v3), 6.0 MEDIUM (v2)
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.

Vendors (1): Ninjarmm
Products (1): Ninjarmm
Updated: Nov 21, 2024
Published: Jul 7, 2021
CVSS: N/A (v4), 7.1 HIGH (v3), 3.6 LOW (v2)
The Agent in NinjaRMM 5.0.909 has Insecure Permissions.