Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14737 1Ubisoft 1Uplay Nov 21, 2024 Oct 14, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
CVE-2019-17044 1Bmc 1Patrol Agent Nov 21, 2024 Oct 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user...Show more An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution.Show less
CVE-2019-17043 1Bmc 1Patrol Agent Nov 21, 2024 Oct 14, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially craf...Show more An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution.Show less
CVE-2019-2173 1Google 1Android Nov 21, 2024 Oct 11, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privilege...Show more In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720Show less
CVE-2019-2114 1Google 1Android Nov 21, 2024 Oct 11, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an a...Show more In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348Show less
CVE-2019-14510 1Kaseya 1Vsa Nov 21, 2024 Oct 11, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN C...Show more An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)Show less
CVE-2015-9477 1Vernissage Project 1Vernissage Nov 21, 2024 Oct 10, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
CVE-2015-9476 1Teardrop Project 1Teardrop Nov 21, 2024 Oct 10, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
CVE-2015-9475 1Pont Project 1Pont Nov 21, 2024 Oct 10, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
CVE-2015-9474 1Simpolio Project 1Simpolio Nov 21, 2024 Oct 10, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
CVE-2019-17365 1Nixos 1Nix Jan 15, 2025 Oct 9, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.
CVE-2019-17383 1Netaddr Project 1Netaddr Nov 21, 2024 Oct 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
CVE-2019-17124 1Kramerav 1Viaware Nov 21, 2024 Oct 9, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
CVE-2019-16913 1Pcprotect 1Antivirus Nov 21, 2024 Oct 7, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders....Show more PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.Show less
CVE-2019-3688 1Suse 1Suse Linux Enterprise Server Nov 21, 2024 Oct 7, 2019 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 pe...Show more The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binaryShow less
CVE-2019-17056 1Linux 1Linux Kernel Nov 21, 2024 Oct 1, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
CVE-2019-17054 1Linux 1Linux Kernel Nov 21, 2024 Oct 1, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.
CVE-2019-17053 1Linux 1Linux Kernel Nov 21, 2024 Oct 1, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd...Show more ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.Show less
CVE-2019-17052 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraLinux Kernel+1 more Nov 21, 2024 Oct 1, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
CVE-2018-19592 1Corsair 1Link Nov 21, 2024 Sep 27, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\...Show more The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.Show less

Previous 1...707172...76 Next