Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-9434 1Google 1Android Jul 10, 2025 Jan 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...Show more In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-40514 1Themesbrand 1Chatvia Sep 30, 2025 Jan 16, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions.
CVE-2024-57684 1Dlink 1Dir 816 Firmware May 2, 2025 Jan 16, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
CVE-2024-52783 - - Feb 3, 2025 Jan 15, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file.
CVE-2024-46464 - - Jan 10, 2025 Jan 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.
CVE-2024-55225 1Dani Garcia 1Vaultwarden Jun 20, 2025 Jan 9, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
CVE-2024-46505 - - Jan 23, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
CVE-2023-1907 1Pgadmin 1Pgadmin Jun 20, 2025 Jan 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
CVE-2024-13206 - - Jan 9, 2025 Jan 9, 2025 8.5 HIGH· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default per...Show more A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-13188 1Escanav 1Escan Anti Virus Oct 9, 2025 Jan 8, 2025 4.8 MEDIUM· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation...Show more A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-56447 1Huawei 2Emui Harmonyos Jan 13, 2025 Jan 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-56440 1Huawei 2Emui Harmonyos Jan 13, 2025 Jan 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52954 1Huawei 2Emui Harmonyos Jan 13, 2025 Jan 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-41572 1Eyesofnetwork 1Eyesofnetwork Jun 13, 2025 Jan 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
CVE-2021-27285 1Inspur 1Clusterengine Sep 5, 2025 Jan 6, 2025 N/A· v4 8.4 HIGH· v3 N/A· v2 An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.
CVE-2024-53841 1Google 1Android Jul 24, 2025 Jan 3, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...Show more In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-53840 1Google 1Android Jul 24, 2025 Jan 3, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-53835 1Google 1Android Jul 24, 2025 Jan 3, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-11624 1Google 1Android Jul 24, 2025 Jan 3, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...Show more there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-43769 1Google 1Android Apr 21, 2025 Jan 3, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege w...Show more In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less

Previous 1...151617...76 Next