Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-48292 - - Nov 19, 2024 Nov 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges.
CVE-2024-28058 - - Nov 21, 2024 Nov 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized ac...Show more In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data.Show less
CVE-2024-52946 - - Nov 3, 2025 Nov 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule...Show more An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.Show less
CVE-2024-52926 - - Dec 24, 2024 Nov 18, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.
CVE-2024-52867 - - Nov 21, 2024 Nov 17, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vuln...Show more guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.Show less
CVE-2024-51765 - - Nov 19, 2024 Nov 15, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2024-51764 - - Nov 19, 2024 Nov 15, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2017-13314 1Google 1Android Dec 18, 2024 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VP...Show more In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2017-13312 1Google 1Android Dec 18, 2024 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privi...Show more In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2017-13311 1Google 1Android Dec 18, 2024 Nov 15, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with sy...Show more In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2017-13310 1Google 1Android Dec 17, 2024 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system p...Show more In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-46467 - - Nov 25, 2024 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONEPOINT has to be modifi...Show more By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONEPOINT has to be modified to prevent this vulnerability.Show less
CVE-2024-46466 - - Nov 25, 2024 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher pr...Show more By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this vulnerability.Show less
CVE-2024-46465 1Primx 1Cryhod Oct 1, 2025 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to...Show more By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability.Show less
CVE-2024-46463 - - Nov 25, 2024 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to...Show more By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to prevent this vulnerability.Show less
CVE-2024-46462 - - Nov 25, 2024 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified t...Show more By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability.Show less
CVE-2024-42188 1Hcltech 1Connections Oct 28, 2025 Nov 14, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
CVE-2024-52551 1Jenkins 1Pipeline\ Oct 8, 2025 Nov 13, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Buil...Show more Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.Show less
CVE-2024-35201 1Intel 1Server Debug And Provisioning Tool Feb 4, 2025 Nov 13, 2024 5.4 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.
CVE-2024-29083 - - Nov 15, 2024 Nov 13, 2024 5.4 MEDIUM· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Previous 1...181920...76 Next