Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-0564 1Intel 1Raid Web Console 3 Nov 21, 2024 Feb 13, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0562 1Intel 1Raid Web Console 2 Nov 21, 2024 Feb 13, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0560 1Intel 1Renesas Electronics Usb 3.0 Driver Nov 21, 2024 Feb 13, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-2200 1Google 1Android Nov 21, 2024 Feb 13, 2020 N/A· v4 7.3 HIGH· v3 6.9 MEDIUM· v2 In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege wi...Show more In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-67319274Show less
CVE-2020-2118 1Jenkins 1Pipeline Github Notify Step Nov 21, 2024 Feb 12, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2020-2117 1Jenkins 1Pipeline Github Notify Step Nov 21, 2024 Feb 12, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs ob...Show more A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2019-14002 1Qualcomm 29Apq8053 Firmware Apq8096au FirmwareApq8098 Firmware+26 more Nov 21, 2024 Feb 7, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...Show more APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130Show less
CVE-2019-20106 1Atlassian 4Jira Jira Data CenterJira Server+1 more Nov 21, 2024 Feb 6, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do no...Show more Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.Show less
CVE-2020-7977 1Gitlab 1Gitlab Nov 21, 2024 Feb 5, 2020 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVE-2020-7972 1Gitlab 1Gitlab Nov 21, 2024 Feb 5, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).
CVE-2020-7967 1Gitlab 1Gitlab Nov 21, 2024 Feb 5, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
CVE-2020-8114 1Gitlab 1Gitlab Nov 21, 2024 Feb 5, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVE-2020-7979 1Gitlab 1Gitlab Nov 21, 2024 Feb 5, 2020 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVE-2020-5231 1Apereo 1Opencast Nov 21, 2024 Jan 30, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is r...Show more In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name – implying an admin for a specific course – users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration.Show less
CVE-2014-7303 1Hp 1Sgi Tempo Nov 21, 2024 Jan 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.
CVE-2014-7302 1Hp 1Sgi Tempo Nov 21, 2024 Jan 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.
CVE-2014-7301 1Hp 1Sgi Tempo Nov 21, 2024 Jan 27, 2020 N/A· v4 6.6 MEDIUM· v3 4.6 MEDIUM· v2 SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.
CVE-2019-17103 1Bitdefender 1Antivirus Nov 21, 2024 Jan 27, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac vers...Show more An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.Show less
CVE-2019-18900 1Opensuse 1Libzypp Nov 21, 2024 Jan 24, 2020 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposin...Show more : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.Show less
CVE-2019-3687 1Suse 1Linux Enterprise Server Nov 21, 2024 Jan 24, 2020 N/A· v4 3.3 LOW· v3 1.9 LOW· v2 The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versi...Show more The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.Show less

Previous 1...666768...76 Next