Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-3904 - - Nov 21, 2024 Jul 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malic...Show more Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.Show less
CVE-2024-4679 - - Nov 21, 2024 Jul 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Man...Show more Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.Show less
CVE-2024-2819 1Hitachi 1Ops Center Common Services Jan 21, 2025 Jul 2, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.
CVE-2024-35139 1Ibm 1Security Access Manager Nov 3, 2025 Jun 28, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
CVE-2024-39347 1Synology 1Router Manager Aug 7, 2025 Jun 28, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resource...Show more Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.Show less
CVE-2023-38370 1Ibm 1Security Access Manager Nov 3, 2025 Jun 27, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
CVE-2024-6238 1Pgadmin 1Pgadmin 4 Sep 23, 2025 Jun 25, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms.
CVE-2024-22385 - - Nov 21, 2024 Jun 25, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 be...Show more Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.Show less
CVE-2024-36495 - - Nov 21, 2024 Jun 24, 2024 N/A· v4 7.7 HIGH· v3 N/A· v2 The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelec...Show more The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsdShow less
CVE-2024-5967 - - Nov 21, 2024 Jun 18, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with adm...Show more A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.Show less
CVE-2024-38459 1Langchain 1Langchain Experimental Jul 16, 2025 Jun 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.
CVE-2024-34012 1Acronis 1Cloud Manager Nov 21, 2024 Jun 14, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
CVE-2024-27180 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL.
CVE-2024-27171 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL.
CVE-2024-27167 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/ver...Show more Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL.Show less
CVE-2024-27166 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.
CVE-2024-27155 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.7 HIGH· v3 N/A· v2 The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attack...Show more The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL.Show less
CVE-2024-27153 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
CVE-2024-27152 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
CVE-2024-27151 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attack...Show more The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL.Show less

Previous 1...242526...76 Next