Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-38222 1Microsoft 1Edge Sep 18, 2024 Sep 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-40655 1Google 1Android Mar 18, 2025 Sep 11, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of priv...Show more In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-40654 1Google 1Android Dec 17, 2024 Sep 11, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for explo...Show more In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-34661 1Samsung 1Assistant Sep 5, 2024 Sep 4, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.
CVE-2024-34648 1Samsung 1Android Sep 5, 2024 Sep 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.
CVE-2024-34018 1Acronis 1Snap Deploy Sep 12, 2024 Aug 29, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
CVE-2024-44760 1Sunmochina 1Enterprise Management System Nov 15, 2024 Aug 28, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.
CVE-2023-45896 - - Nov 3, 2025 Aug 28, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media)...Show more ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.Show less
CVE-2024-43791 1Steveklabnik 1Request Store Sep 12, 2024 Aug 23, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary cod...Show more RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.Show less
CVE-2024-4763 - - Aug 19, 2024 Aug 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel.
CVE-2024-2175 - - Aug 19, 2024 Aug 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.
CVE-2024-42681 1Xuxueli 1Xxl Job Aug 19, 2024 Aug 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
CVE-2024-27461 1Intel 1Memory And Storage Tool Gui Sep 6, 2024 Aug 14, 2024 4.3 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-26025 1Intel 2Advisor Oneapi Base Toolkit Sep 6, 2024 Aug 14, 2024 5.4 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23974 - - Aug 14, 2024 Aug 14, 2024 5.4 MEDIUM· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23495 1Intel 2Distribution For Gdb Oneapi Base Toolkit Aug 31, 2024 Aug 14, 2024 5.4 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22378 - - Aug 14, 2024 Aug 14, 2024 5.4 MEDIUM· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local a...Show more Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2023-43747 - - Aug 14, 2024 Aug 14, 2024 5.4 MEDIUM· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31349 1Amd 1Uprof Dec 12, 2024 Aug 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-6640 - - Nov 26, 2024 Aug 12, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The...Show more In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated. ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table.Show less

Previous 1...222324...76 Next