Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22346 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 30, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits.
CVE-2021-22368 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device.
CVE-2021-22371 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-20490 1Ibm 1Spectrum Protect Plus Nov 21, 2024 Jun 29, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.
CVE-2021-21737 1Zte 1Zxv10 B860h V5.0 Firmware Nov 21, 2024 Jun 24, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and...Show more A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016Show less
CVE-2021-34395 1Nvidia 1Jetson Linux Nov 21, 2024 Jun 22, 2021 N/A· v4 4.2 MEDIUM· v3 4.6 MEDIUM· v2 Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low...Show more Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.Show less
CVE-2021-34387 1Nvidia 1Jetson Linux Nov 21, 2024 Jun 21, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute...Show more The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.Show less
CVE-2021-0143 1Intel 1Brand Verification Tool Nov 21, 2024 Jun 17, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-31998 1Opensuse 1Inn Nov 21, 2024 Jun 10, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the...Show more A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.Show less
CVE-2021-21736 1Zte 1Zxhn Hs562 Firmware Nov 21, 2024 Jun 10, 2021 N/A· v4 7.2 HIGH· v3 8.0 HIGH· v2 A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can stil...Show more A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000EShow less
CVE-2021-0106 1Intel 1Ipmctl Nov 21, 2024 Jun 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privileg...Show more Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2021-0100 1Intel 1Ssd Data Center Tool Nov 21, 2024 Jun 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-0058 1Intel 2Lapbc510 Firmware Lapbc710 Firmware Nov 21, 2024 Jun 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-27384 1Arena 1Guild Wars 2 Nov 21, 2024 Jun 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice...Show more The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.Show less
CVE-2021-27032 1Autodesk 1Licensing Services Nov 21, 2024 May 28, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with wea...Show more Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service.Show less
CVE-2020-10145 1Adobe 1Coldfusion Nov 21, 2024 May 27, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structur...Show more The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.Show less
CVE-2021-33506 18x8 1Jitsi Meet Nov 21, 2024 May 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.
CVE-2021-33038 2Debian Hyperkitty Project 2Debian Linux Hyperkitty Nov 21, 2024 May 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For e...Show more An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.Show less
CVE-2020-13599 1Zephyrproject 1Zephyr Nov 21, 2024 May 25, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories...Show more Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6qShow less
CVE-2020-9451 1Acronis 1True Image 2020 Nov 21, 2024 May 25, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowin...Show more An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot.Show less

Previous 1...535455...76 Next