Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-24140 1Apple 1Macos Nov 3, 2025 Jan 27, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied.
CVE-2025-24135 1Apple 1Macos Nov 3, 2025 Jan 27, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges.
CVE-2025-24107 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Jan 27, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root privileges.
CVE-2025-24093 1Apple 1Macos Apr 2, 2026 Jan 27, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access removable volumes without user consent.
CVE-2025-0543 - - Jan 25, 2025 Jan 25, 2025 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by...Show more Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM.Show less
CVE-2025-0542 - - Jan 25, 2025 Jan 25, 2025 7.3 HIGH· v4 7.8 HIGH· v3 N/A· v2 Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges...Show more Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.Show less
CVE-2024-55930 1Xerox 1Workplace Suite Jan 30, 2026 Jan 23, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files
CVE-2024-55957 - - Mar 14, 2025 Jan 22, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access con...Show more In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.Show less
CVE-2025-24399 1Jenkins 1Openid Connect Authentication May 7, 2025 Jan 22, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensiti...Show more Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins.Show less
CVE-2024-49744 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no add...Show more In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-49737 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege...Show more In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-49735 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...Show more In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-49732 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no a...Show more In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-49724 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additio...Show more In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-43765 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is...Show more In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-34730 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...Show more In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-40132 1Google 1Android Apr 22, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no add...Show more In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2025-21532 1Oracle 1Analytics Desktop Jul 2, 2025 Jan 21, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker wi...Show more Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2024-55959 - - Mar 18, 2025 Jan 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.
CVE-2018-9401 1Google 1Android Jul 10, 2025 Jan 18, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User int...Show more In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less

Previous 1...141516...76 Next