Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-25647 - - Nov 15, 2024 Nov 13, 2024 5.4 MEDIUM· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21820 - - Nov 3, 2025 Nov 13, 2024 8.5 HIGH· v4 7.2 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-43089 1Google 1Android Dec 17, 2024 Nov 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges need...Show more In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-43086 1Google 1Android Dec 18, 2024 Nov 13, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additi...Show more In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-43085 1Google 1Android Dec 18, 2024 Nov 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege wit...Show more In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-43081 1Google 1Android Dec 17, 2024 Nov 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution...Show more In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-40661 1Google 1Android Dec 17, 2024 Nov 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional...Show more In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-40660 1Google 1Android Dec 17, 2024 Nov 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution...Show more In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-49504 - - Nov 13, 2024 Nov 13, 2024 7.0 HIGH· v4 N/A· v3 N/A· v2 grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
CVE-2024-21958 1Amd 1Provisioning Console Dec 18, 2024 Nov 12, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21957 1Amd 1Management Console Dec 18, 2024 Nov 12, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21946 1Amd 1Ryzen Master Utility For Overclocking Control Dec 18, 2024 Nov 12, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21945 1Amd 1Ryzen Master Monitoring Software Development Kit Dec 18, 2024 Nov 12, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21939 1Amd 1Cloud Manageability Service Dec 18, 2024 Nov 12, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21938 1Amd 1Management Plugin For Sccm Dec 18, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulti...Show more Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.Show less
CVE-2024-21937 1Amd 2Radeon Software Radeon Software For Hip Nov 27, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-46894 1Siemens 1Sinec Ins Aug 20, 2025 Nov 12, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow a...Show more A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.Show less
CVE-2024-47593 - - Nov 12, 2024 Nov 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sor...Show more SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability.Show less
CVE-2024-43430 1Moodle 1Moodle May 1, 2025 Nov 11, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A flaw was found in moodle. External API access to Quiz can override contained insufficient access control.
CVE-2024-50590 - - Nov 3, 2025 Nov 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default insta...Show more Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”. Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".Show less

Previous 1...192021...76 Next