Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-27150 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
CVE-2024-27149 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
CVE-2024-27148 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
CVE-2024-27144 - - Nov 21, 2024 Jun 14, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalat...Show more The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.Show less
CVE-2024-37038 1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requ...Show more CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.Show less
CVE-2024-23847 - - Apr 8, 2025 May 31, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, da...Show more Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.Show less
CVE-2024-32978 - - Nov 21, 2024 May 27, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concer...Show more Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 0.16.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user.Show less
CVE-2024-27264 1Ibm 1I Jun 30, 2025 May 22, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator pr...Show more IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.Show less
CVE-2023-43629 1Intel 1Graphics Performance Analyzers Jan 23, 2025 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42668 - - Nov 21, 2024 May 16, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privile...Show more Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2023-42433 - - Nov 21, 2024 May 16, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24460 1Intel 1Graphics Performance Analyzers Jan 23, 2025 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34223 1Oretnom23 1Human Resource Management System Apr 18, 2025 May 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.
CVE-2024-34221 1Oretnom23 1Human Resource Management System Apr 18, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVE-2023-46870 - - Nov 21, 2024 May 14, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows att...Show more extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python scripts.Show less
CVE-2024-4030 - - Nov 21, 2024 May 7, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions fr...Show more On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.Show less
CVE-2024-34474 - - Nov 21, 2024 May 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.
CVE-2024-34455 - - Nov 21, 2024 May 3, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2.
CVE-2024-4226 1Octopus 1Octopus Server Jun 27, 2025 Apr 30, 2024 N/A· v4 3.5 LOW· v3 N/A· v2 It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after t...Show more It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.Show less
CVE-2024-34011 - - Nov 21, 2024 Apr 29, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.

Previous 1...252627...76 Next