Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-3187 1Beyondtrust 1Privilege Management For Mac May 27, 2025 Dec 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory)...Show more An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)Show less
CVE-2023-28870 1Ncp E 1Secure Enterprise Client Nov 21, 2024 Dec 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.
CVE-2023-6273 1Huawei 2Emui Harmonyos Nov 21, 2024 Dec 6, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-46773 1Huawei 2Emui Harmonyos Nov 21, 2024 Dec 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2023-37572 1Softing 1Opc Nov 21, 2024 Dec 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the servi...Show more Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.Show less
CVE-2023-40076 1Google 1Android May 29, 2025 Dec 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional executio...Show more In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21216 1Google 1Android May 29, 2025 Dec 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privi...Show more In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-47462 1Gl Inet 1Gl Ax1800 Firmware Nov 21, 2024 Nov 29, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
CVE-2023-42501 1Apache 1Superset Feb 13, 2025 Nov 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or ab...Show more Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.Show less
CVE-2023-6302 1Cskaza 1Cszcms Nov 21, 2024 Nov 27, 2023 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permis...Show more A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-47250 1M Privacy 3Mprivacy Tools Rsbac Policy TgproTightgatevnc Nov 21, 2024 Nov 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by...Show more In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack.Show less
CVE-2023-43081 1Dell 1Powerprotect Agent For File System Nov 21, 2024 Nov 22, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, lea...Show more PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. Show less
CVE-2023-42774 1Openatom 1Openharmony Nov 21, 2024 Nov 20, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.
CVE-2023-3116 1Openatom 1Openharmony Nov 21, 2024 Nov 20, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.
CVE-2023-40363 1Ibm 1Infosphere Information Server Nov 21, 2024 Nov 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.
CVE-2023-48648 1Concretecms 1Concrete Cms Nov 21, 2024 Nov 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777...Show more Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.Show less
CVE-2023-47335 1Autelrobotics 1Evo Nano Drone Firmware Jun 11, 2025 Nov 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.
CVE-2023-41718 1Ivanti 1Secure Access Client Jan 7, 2025 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
CVE-2023-35080 1Ivanti 1Secure Access Client Jan 7, 2025 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, inc...Show more A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.Show less
CVE-2023-32638 1Intel 1Arc Rgb Controller Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access.

Previous 1...303132...76 Next