Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-34617 1Samsung 1Android Aug 12, 2024 Aug 7, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
CVE-2024-34616 1Samsung 1Android Aug 12, 2024 Aug 7, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
CVE-2024-7525 1Mozilla 3Firefox Firefox EsrThunderbird Aug 12, 2024 Aug 6, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox...Show more It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.Show less
CVE-2024-43114 1Jetbrains 1Teamcity Sep 11, 2024 Aug 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
CVE-2024-6974 1Catonetworks 1Cato Client Aug 27, 2024 Jul 31, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
CVE-2024-40805 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Jul 29, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.
CVE-2024-27888 1Apple 1Macos Apr 2, 2026 Jul 29, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system.
CVE-2024-42053 1Splashtop 1Streamer Sep 3, 2025 Jul 28, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.d...Show more The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.Show less
CVE-2024-36541 1Kube Logging 1Logging Operator Nov 21, 2024 Jul 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVE-2024-6122 1Ni 2Flexlogger Systemlink Nov 21, 2024 Jul 22, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and pri...Show more An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.Show less
CVE-2024-5321 - - Nov 21, 2024 Jul 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
CVE-2024-21123 1Oracle 1Database Server Jun 18, 2025 Jul 16, 2024 N/A· v4 2.3 LOW· v3 N/A· v2 Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privileg...Show more Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure where Oracle Database Core executes to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).Show less
CVE-2024-21122 1Oracle 1Peoplesoft Enterprise Hcm Shared Components Jun 17, 2025 Jul 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privil...Show more Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Shared Components, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).Show less
CVE-2024-6326 1Rockwellautomation 2Factorytalk Policy Manager Factorytalk System Services Nov 21, 2024 Jul 16, 2024 1.8 LOW· v4 5.5 MEDIUM· v3 N/A· v2 An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporar...Show more An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.Show less
CVE-2024-6325 1Rockwellautomation 1Factorytalk Policy Manager Nov 21, 2024 Jul 16, 2024 6.0 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwella...Show more The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.htmlShow less
CVE-2024-32861 - - Jan 13, 2025 Jul 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions.
CVE-2024-3779 1Eset 8Endpoint Antivirus Endpoint SecurityInternet Security+5 more Nov 21, 2024 Jul 16, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.
CVE-2024-6148 1Citrix 1Workspace Mar 25, 2025 Jul 10, 2024 5.3 MEDIUM· v4 8.8 HIGH· v3 N/A· v2 Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
CVE-2024-31312 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User in...Show more In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-22062 1Zte 1Zxcloud Irai Jan 28, 2025 Jul 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.

Previous 1...232425...76 Next