CWE-276
1,508 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CVEs (1,508)
| Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|
| Intel (1) | Mailbox Interface Driver (1) | Nov 21, 2024 | Aug 13, 2020 | N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2 | Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Intel (1) | Distribution Of Openvino Toolkit (1) | Nov 21, 2024 | Aug 13, 2020 | N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2 | Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| | | | | | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. |
| Opensuse (1) | Backports Sle, Leap, Tumbleweed (3) | Nov 21, 2024 | Aug 7, 2020 | N/A · v4, 7.8 HIGH · v3, 7.2 HIGH · v2 | An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to roo... |
| Ivanti, Pulsesecure (2) | Connect Secure, Policy Secure, Pulse Connect Secure, +1 more (4) | Nov 21, 2024 | Jul 30, 2020 | N/A · v4, 7.2 HIGH · v3, 4.0 MEDIUM · v2 | An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. |
| | | | | | SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known f... |
| Osisoft (1) | Pi Api, Pi Buffer Subsystem, Pi Connector, +6 more (9) | Nov 21, 2024 | Jul 24, 2020 | N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2 | In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, o... |
| Debian, Fedoraproject, Google, +1 more (4) | Backports Sle, Chrome, Debian Linux, +2 more (5) | Nov 21, 2024 | Jul 22, 2020 | N/A · v4, 4.3 MEDIUM · v3, 4.3 MEDIUM · v2 | Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| Linux, Netapp, Xen (3) | Cloud Backup, Linux Kernel, Solidfire Baseboard Management Controller, +2 more (5) | Nov 21, 2024 | Jul 20, 2020 | N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2 | An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate... |
| | | | | | In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System e... |
| | | | | | SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphq... |
| Rittal (1) | Cmc Iii Pu 7030.000 Firmware, Cmciii Pu 9333e0fb Firmware, Iot Interface 3124.300, +2 more (5) | Nov 21, 2024 | Jul 14, 2020 | N/A · v4, 8.8 HIGH · v3, 9.0 HIGH · v2 | An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions. |
| Mozilla, Opensuse (2) | Firefox, Leap (2) | Nov 21, 2024 | Jul 9, 2020 | N/A · v4, 6.5 MEDIUM · v3, 4.3 MEDIUM · v2 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the... |
| Mozilla, Opensuse (2) | Firefox, Leap (2) | Nov 21, 2024 | Jul 9, 2020 | N/A · v4, 6.5 MEDIUM · v3, 4.3 MEDIUM · v2 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt... |
| Nvidia (1) | Jetpack Software Development Kit (1) | Nov 21, 2024 | Jul 8, 2020 | N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2 | NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges. |
| | | | | | An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020). |
| F5 (1) | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +8 more (11) | Nov 21, 2024 | Jul 1, 2020 | N/A · v4, 8.1 HIGH · v3, 5.5 MEDIUM · v2 | In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy... |
| | | | | | An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP... |
| | | | | | An Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries.... |
| | | | | | IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the cont... |