Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-12670 1Cisco 1Ios Nov 21, 2024 Sep 25, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is...Show more A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.Show less
CVE-2019-3689 1Linux Nfs 1Nfs Utils Nov 21, 2024 Sep 19, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by...Show more The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.Show less
CVE-2019-9679 1Dahuasecurity 9Ipc Hdbw4x2x Firmware Ipc Hdw1x2x FirmwareIpc Hdw2x2x Firmware+6 more Nov 21, 2024 Sep 18, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,...Show more Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.Show less
CVE-2019-16355 1Beego 1Beego Nov 21, 2024 Sep 16, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
CVE-2019-16106 1Humanica 1Humatrix Nov 21, 2024 Sep 10, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdN...Show more The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields.Show less
CVE-2019-16186 1Limesurvey 1Limesurvey Nov 21, 2024 Sep 9, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.
CVE-2019-16185 1Limesurvey 1Limesurvey Nov 21, 2024 Sep 9, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.
CVE-2019-16183 1Limesurvey 1Limesurvey Nov 21, 2024 Sep 9, 2019 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.
CVE-2019-15716 1Wtfutil 1Wtf Nov 21, 2024 Aug 28, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.
CVE-2019-5687 1Nvidia 1Gpu Driver Nov 21, 2024 Aug 6, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an...Show more NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actorShow less
CVE-2019-9630 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Jul 8, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVE-2019-7588 1Exacq 1Enterprise System Manager Nov 21, 2024 Jun 18, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all pri...Show more A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ‘modify’ permission to the ESM folders, which allows a low privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor providing system level privileges. A low privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file. This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) Version 5.12.2 and prior versions; This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.Show less
CVE-2019-12795 1Gnome 1Gvfs Nov 21, 2024 Jun 11, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to...Show more daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)Show less
CVE-2019-12450 6Canonical DebianFedoraproject+3 more 9Debian Linux Enterprise LinuxEnterprise Linux Eus+6 more Nov 21, 2024 May 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2018-7822 1Schneider Electric 2Modicon M221 Firmware Somachine Basic Nov 21, 2024 May 22, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMach...Show more An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.Show less
CVE-2019-3870 3Fedoraproject SambaSynology 7Directory Server Diskstation ManagerFedora+4 more Jan 14, 2025 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 3.6 LOW· v2 A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This dir...Show more A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.Show less
CVE-2019-0683 1Microsoft 2Windows 7 Windows Server 2008 Nov 21, 2024 Apr 9, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest,...Show more An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.Show less
CVE-2018-13287 1Synology 1Router Manager Nov 21, 2024 Apr 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13286 1Synology 1Diskstation Manager Jan 14, 2025 Apr 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration...Show more Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.Show less
CVE-2018-11906 1Google 1Android Nov 21, 2024 Nov 27, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs.

Previous 1...717273...76 Next