Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-11692 1Jetbrains 1Youtrack Nov 21, 2024 Apr 22, 2020 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
CVE-2020-11689 1Jetbrains 1Teamcity Nov 21, 2024 Apr 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVE-2020-0547 1Intel 1Data Migration Nov 21, 2024 Apr 15, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-4274 1Ibm 1Qradar Security Information And Event Manager Nov 21, 2024 Apr 15, 2020 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980.
CVE-2020-4270 1Ibm 1Qradar Security Information And Event Manager Nov 21, 2024 Apr 15, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.
CVE-2019-14326 1Andyroid 1Andy Os Nov 21, 2024 Apr 14, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in AndyOS Andy versions up to 46.11.113. By default, it starts telnet and ssh (ports 22 and 23) with root privileges in the emulated Android system. This can be exploited by remote attackers to ga...Show more An issue was discovered in AndyOS Andy versions up to 46.11.113. By default, it starts telnet and ssh (ports 22 and 23) with root privileges in the emulated Android system. This can be exploited by remote attackers to gain full access to the device, or by malicious apps installed inside the emulator to perform privilege escalation from a normal user to root (unlike with standard methods of getting root privileges on Android - e.g., the SuperSu program - the user is not asked for consent). There is no authentication performed - access to a root shell is given upon a successful connection. NOTE: although this was originally published with a slightly different CVE ID number, the correct ID for this Andy vulnerability has always been CVE-2019-14326.Show less
CVE-2020-7802 1S3india 1Husky Rtu 6049 E70 Firmware Nov 21, 2024 Apr 14, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default per...Show more The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through SNMP communication. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7800, and CVE-2020-7801.Show less
CVE-2020-6456 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
CVE-2020-6446 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6445 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6441 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
CVE-2020-6439 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
CVE-2020-6431 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-1985 1Paloaltonetworks 1Secdo Nov 21, 2024 Apr 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.
CVE-2018-21061 1Google 1Android Nov 21, 2024 Apr 8, 2020 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018).
CVE-2017-18669 1Google 1Android Nov 21, 2024 Apr 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).
CVE-2017-18668 1Google 1Android Nov 21, 2024 Apr 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017).
CVE-2020-7004 1Visam 2Vbase Editor Vbase Web Remote Nov 21, 2024 Apr 3, 2020 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privil...Show more VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application.Show less
CVE-2020-11444 1Sonatype 1Nexus Nov 21, 2024 Apr 2, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
CVE-2019-3944 1Parrot 1Anafi Firmware Nov 21, 2024 Apr 1, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight.

Previous 1...646566...76 Next