CWE-276

1,508 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1 Intel
16 Advisor, Cluster Checker, Distribution For Python, +13 more
Jan 14, 2026
Feb 14, 2024
N/A · v4
6.0 MEDIUM · v3
N/A · v2
Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.
1 Intel
1 Chipset Device Software
Jan 7, 2025
Feb 14, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
1 Raidenftpd
1 Raidenftpd
May 7, 2025
Feb 13, 2024
N/A · v4
7.3 HIGH · v3
N/A · v2
Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.
1 Siemens
1 Polarion Alm
Nov 21, 2024
Feb 13, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.
1 Vercel
1 Pkg
Nov 21, 2024
Feb 9, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.
1 Dell
1 Powerscale Onefs
Feb 20, 2026
Feb 1, 2024
N/A · v4
5.5 MEDIUM · v3
N/A · v2
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contain an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.
1 Progress
1 Telerik Test Studio
Nov 21, 2024
Jan 31, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
1 Hitachi
1 Storage Plug In
Nov 21, 2024
Jan 30, 2024
N/A · v4
7.1 HIGH · v3
N/A · v2
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
1 Flexera
1 Installshield
Nov 21, 2024
Jan 26, 2024
N/A · v4
5.5 MEDIUM · v3
N/A · v2
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders.
1 Eduva
1 Albo Pretorio Online
Apr 28, 2026
Jan 24, 2024
N/A · v4
7.5 HIGH · v3
N/A · v2
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line. This issue affects Albo Pretorio On line: from n/a through 4.6.6.
1 Canonical
1 Ubuntu Pipewire Pulse
Jun 20, 2025
Jan 24, 2024
N/A · v4
5.5 MEDIUM · v3
N/A · v2
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.
1 Echa.europa
1 Iuclid
Nov 21, 2024
Jan 21, 2024
N/A · v4
7.1 HIGH · v3
3.2 LOW · v2
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
1 Intel
1 Nuc P14e Laptop Element
Nov 21, 2024
Jan 19, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access.
1 Datahub Project
1 Datahub
Nov 21, 2024
Jan 16, 2024
N/A · v4
8.8 HIGH · v3
N/A · v2
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
1 Dell
1 Emc Idrac Service Module
Nov 21, 2024
Jan 16, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
1 Hitachi
1 Tuning Manager
Nov 21, 2024
Jan 16, 2024
N/A · v4
7.1 HIGH · v3
N/A · v2
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files. This issue affects Hitachi Tuning Manager: before 8.8.5-04.
4 Fedoraproject, Redhat, Relax And Recover, +1 more
4 Enterprise Linux, Fedora, Linux Enterprise, +1 more
Dec 10, 2025
Jan 12, 2024
N/A · v4
5.5 MEDIUM · v3
N/A · v2
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
1 Omron
1 Automation Software Sysmac Studio
Nov 21, 2024
Jan 10, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.
1 Fit2cloud
1 Cloudexplorer Lite
Jun 3, 2025
Jan 6, 2024
N/A · v4
7.8 HIGH · v3
N/A · v2
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.
1 Canonical
1 Ubuntu Linux
Nov 21, 2024
Dec 12, 2023
N/A · v4
6.4 MEDIUM · v3
N/A · v2
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.