Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-24172 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. "Block All Remote Content" may not apply for all mail previews...Show more A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. "Block All Remote Content" may not apply for all mail previews.Show less
CVE-2025-24170 1Apple 1Macos Jun 11, 2026 Mar 31, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
CVE-2025-2782 - - Apr 1, 2025 Mar 28, 2025 6.3 MEDIUM· v4 N/A· v3 N/A· v2 The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privil...Show more The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10.Show less
CVE-2025-2781 - - Apr 1, 2025 Mar 28, 2025 6.3 MEDIUM· v4 N/A· v3 N/A· v2 The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM pri...Show more The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.Show less
CVE-2025-25535 - - Mar 27, 2025 Mar 26, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.
CVE-2024-53351 1Linuxfoundation 1Pipecd Apr 1, 2025 Mar 21, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
CVE-2025-27612 - - Mar 21, 2025 Mar 21, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic he...Show more libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.Show less
CVE-2025-24915 - - Mar 21, 2025 Mar 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if...Show more When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.Show less
CVE-2024-54564 1Apple 4Ipados Iphone OsMacos+1 more Apr 2, 2026 Mar 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, visionOS 1.3. A file received from AirDrop may not have the quarantine flag applied.
CVE-2024-0245 - - Oct 15, 2025 Mar 20, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially l...Show more A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11.Show less
CVE-2025-27926 1Nintex 1Automation Jan 29, 2026 Mar 10, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CVE-2025-20910 1Samsung 1Wear Os Feb 2, 2026 Mar 6, 2025 N/A· v4 6.2 MEDIUM· v3 N/A· v2 Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.
CVE-2025-24864 - - Mar 6, 2025 Mar 6, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an ar...Show more Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.Show less
CVE-2025-22447 - - Mar 6, 2025 Mar 6, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an a...Show more Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.Show less
CVE-2025-27682 1Printerlogic 2Vasion Print Virtual Appliance Nov 3, 2025 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.
CVE-2025-27677 1Printerlogic 2Vasion Print Virtual Appliance Nov 3, 2025 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002.
CVE-2025-27521 1Huawei 1Harmonyos Sep 26, 2025 Mar 4, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58050 1Huawei 1Harmonyos Sep 26, 2025 Mar 4, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58049 1Huawei 1Harmonyos Mar 5, 2025 Mar 4, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58047 1Huawei 1Harmonyos Mar 5, 2025 Mar 4, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Previous 1...121314...76 Next