Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-13555 1Advantech 1Webaccess/scada Nov 21, 2024 Feb 17, 2021 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.Show less
CVE-2020-13553 1Advantech 1Webaccess/scada Nov 21, 2024 Feb 17, 2021 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess,...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.Show less
CVE-2020-13552 1Advantech 1Webaccess/scada Nov 21, 2024 Feb 17, 2021 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folde...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.Show less
CVE-2020-13551 1Advantech 1Webaccess/scada Nov 21, 2024 Feb 17, 2021 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either repl...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.Show less
CVE-2020-8765 1Intel 1Realsense Depth Camera Manager Nov 21, 2024 Feb 17, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8701 1Intel 1Solid State Drive Toolbox Nov 21, 2024 Feb 17, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-0524 1Intel 1Ethernet Controller I210 Firmware Nov 21, 2024 Feb 17, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local acce...Show more Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access.Show less
CVE-2021-20653 1Nec 4Csdj A Firmware Csdj B FirmwareCsdj D Firmware+1 more Nov 21, 2024 Feb 17, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized histori...Show more Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.Show less
CVE-2020-28392 1Siemens 1Simaris Configuration Nov 21, 2024 Feb 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which cou...Show more A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.Show less
CVE-2020-16144 1Owncloud 1Files Antivirus Nov 21, 2024 Feb 9, 2021 N/A· v4 5.7 MEDIUM· v3 3.5 LOW· v2 When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the viru...Show more When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.Show less
CVE-2020-25245 1Siemens 1Digsi 4 Nov 21, 2024 Feb 9, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place d...Show more A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.Show less
CVE-2021-3394 1Millewin 1Millewin Nov 21, 2024 Feb 9, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.
CVE-2021-21436 1Otrs 1Cis In Customer Frontend Nov 21, 2024 Feb 8, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.
CVE-2020-29582 2Jetbrains Oracle 4Communications Cloud Native Core Network Slice Selection Function Communications Cloud Native Core PolicyCommunications Cloud Native Core Service Communication Proxy+1 more Feb 25, 2026 Feb 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
CVE-2020-25208 1Jetbrains 1Youtrack Nov 21, 2024 Feb 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
CVE-2019-20468 1Tk Star 1Q90 Junior Gps Horloge Firmware Nov 21, 2024 Feb 1, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
CVE-2020-26941 1Eset 8Endpoint Antivirus Endpoint SecurityFile Security+5 more Nov 21, 2024 Jan 26, 2021 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting...Show more A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.Show less
CVE-2020-11997 1Apache 1Guacamole Nov 21, 2024 Jan 19, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other use...Show more Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.Show less
CVE-2020-13922 1Apache 1Dolphinscheduler Nov 21, 2024 Jan 11, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
CVE-2021-1056 2Debian Nvidia 2Debian Linux Gpu Driver Nov 21, 2024 Jan 8, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level...Show more NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.Show less

Previous 1...565758...76 Next