CWE-276

1,508 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.
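As an added example, not code from the CWE entry or from any vendor listed on this page, the following POSIX audit looks for exactly what that sentence amounts to on disk: files a non-owner can rewrite, directories a non-owner can drop entries into (the pattern behind the Junos entry below), and setuid/setgid executables anyone else can modify. It assumes group write access is acceptable only for trusted GIDs (root, gid 0, by default), and it builds a constructed install tree as its sample input; the directory and file names in that tree are made up.

```python
# Added example: an audit for the permission mistakes CWE-276 describes,
# written for POSIX mode bits (Linux/BSD/macOS). It is not code from the CWE
# entry or from any vendor listed on this page. Assumptions: group write is
# acceptable only for the trusted GIDs passed in (default: root, gid 0), and
# the demo tree built below is constructed here purely as sample input.
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str    # relative to the audited root
    mode: str    # permission bits, e.g. "0o666"
    reason: str


def _reasons_for(st: os.stat_result, trusted_gids) -> list[str]:
    """Return why one inode is a CWE-276 finding (empty list if it is fine)."""
    mode = st.st_mode
    perm = stat.S_IMODE(mode)   # rwx bits plus setuid/setgid/sticky
    reasons = []
    if perm & stat.S_IWOTH:
        if stat.S_ISDIR(mode):
            sticky = "with" if perm & stat.S_ISVTX else "without"
            reasons.append(f"world-writable directory ({sticky} sticky bit): "
                           "any local user can add or replace entries")
        else:
            reasons.append("world-writable file: any local user can modify it")
    if perm & stat.S_IWGRP and st.st_gid not in trusted_gids:
        reasons.append(f"group-writable and group gid {st.st_gid} is not trusted")
    if perm & (stat.S_ISUID | stat.S_ISGID) and perm & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("setuid/setgid executable writable by a non-owner")
    return reasons


def audit_tree(root: str, trusted_gids=(0,)) -> list[Finding]:
    """Walk an installation tree and report every entry a non-owner could modify.

    Symlinks are skipped: their own mode bits are meaningless (usually 0777)
    and the target is audited where it really lives.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # os.walk yields every directory once as `dirpath`, so checking it here
        # covers directories; the files inside it are covered by the join below.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            for reason in _reasons_for(st, trusted_gids):
                findings.append(Finding(rel, oct(stat.S_IMODE(st.st_mode)), reason))
    return sorted(findings, key=lambda f: (f.path, f.reason))


def fix_tree(root: str) -> int:
    """Remediate by stripping group/other write bits from every flagged entry.

    Returns the number of entries changed. This undoes an installer's
    `chmod -R 777`; it deliberately does not touch ownership.
    """
    changed = 0
    for finding in audit_tree(root):
        path = os.path.join(root, finding.path)
        perm = stat.S_IMODE(os.lstat(path).st_mode)
        new_perm = perm & ~(stat.S_IWGRP | stat.S_IWOTH)
        if new_perm != perm:          # a path with two findings is fixed once
            os.chmod(path, new_perm)
            changed += 1
    return changed


def build_demo_tree() -> str:
    """Constructed sample input: what a careless installer leaves behind
    (a post-install `chmod -R 777`, or a umask of 000 during copy)."""
    root = tempfile.mkdtemp(prefix="cwe276-demo-")
    bin_dir = os.path.join(root, "bin")
    plugins = os.path.join(root, "plugins")
    os.mkdir(bin_dir)
    os.mkdir(plugins)
    agent = os.path.join(bin_dir, "agent")
    config = os.path.join(root, "config.ini")
    with open(agent, "w") as f:
        f.write("#!/bin/sh\nexec /usr/bin/true\n")
    with open(config, "w") as f:
        f.write("[service]\nrun_as = root\n")
    os.chmod(root, 0o755)       # correct: only the owner writes here
    os.chmod(bin_dir, 0o755)    # correct
    os.chmod(agent, 0o755)      # correct: executable, not writable by others
    os.chmod(config, 0o666)     # wrong: any user can rewrite what a root service reads
    os.chmod(plugins, 0o777)    # wrong: any user can drop a file the service will load
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for finding in audit_tree(demo_root):
        print(f"{finding.mode} {finding.path}: {finding.reason}")
    print("fixed", fix_tree(demo_root), "entries; remaining:", audit_tree(demo_root))
```

Run it against a real install prefix (`audit_tree("/opt/vendor")`) before trusting a package's post-install script. On Windows the same class of mistake is an ACL that grants Users or Everyone Modify/Write on the install directory, which is what the Tenable NNM and TSplus entries below describe; `icacls` displays those ACLs, and the rule to check is the same: nobody below the service's own privilege level may write to anything it executes or reads.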


CVEs (1,508)

Each entry: Vendors | Products; Published | Updated | CVSS (v3 score, with v2/v4 where scored); description.

Vendors: Intel | Products: Arc A Graphics, Iris Xe Graphics
Published: Nov 14, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors: Debian, Intel, Netapp | Products (223): Affa900 Firmware, Core I3 1005g1 Firmware, Core I3 10100y Firmware, +220 more
Published: Nov 14, 2023 | Updated: Jan 7, 2025 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
A sequence of processor instructions that leads to unexpected behavior in some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

Vendors: Emsigner | Products: Emsigner
Published: Nov 14, 2023 | Updated: Jan 8, 2025 | CVSS: v3 9.8 CRITICAL (v2 N/A, v4 N/A)
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges, via a crafted password reset token.

Vendors: Xwiki | Products: Application Collabora
Published: Nov 9, 2023 | Updated: Nov 21, 2024 | CVSS: v3 4.3 MEDIUM (v2 N/A, v4 N/A)
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachment files in view or edit mode. Currently, if a user opens an attachment file in edit mode in Collabora, this right is preserved for all future users until the editing session is closed, even if some of them have only view right. The Collabora server is the one issuing this request, and it seems that the `userCanWrite` query parameter is cached even though, for example, the token is not. This issue has been patched in version 1.3.

Vendors: Lenovo | Products: Preload Directory
Published: Nov 8, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Vendors: Advanced Export Products Orders Cron Csv Excel Project | Products: Advanced Export Products Orders Cron Csv Excel
Published: Nov 7, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.5 HIGH (v2 N/A, v4 N/A)
Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table.

Vendors: Ivanti | Products: Avalanche
Published: Nov 3, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
Incorrect default permissions in Ivanti Avalanche allow local privilege escalation.

Vendors: Fedoraproject, Redhat, Samba | Products (5): Enterprise Linux, Enterprise Linux Eus, Fedora, +2 more
Published: Nov 3, 2023 | Updated: Nov 21, 2024 | CVSS: v3 6.5 MEDIUM (v2 N/A, v4 N/A)
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permission checks, relying solely on Samba's permissions.

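The precondition in that description is a configuration, so it can be checked before a client ever sends an OVERWRITE open. The following is an added example, not Samba's code and not the upstream code fix for this issue: a small Python check that parses an smb.conf, resolves the per-share and [global] settings, and lists every share where acl_xattr is loaded and told to ignore system ACLs. The two smb.conf fragments are constructed inline as sample input (share and path names made up), and the check assumes the global section is written `[global]` in lowercase.

```python
# Added example (not Samba's code, not the code fix shipped for this issue):
# a check that finds shares where the acl_xattr VFS module has been told to
# ignore kernel permissions, the configuration the description above says the
# truncation flaw needs. Two smb.conf fragments are constructed inline as
# sample input; the share and path names in them are made up.
import configparser

# Constructed: the weak setting, inherited by every share via [global].
WEAK_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   vfs objects = acl_xattr
   acl_xattr:ignore system acls = yes

[projects]
   path = /srv/projects
   read only = no

[public]
   path = /srv/public
   vfs objects = streams_xattr
"""

# Constructed: the same layout with the bypass left at its default of "no",
# so the kernel still enforces the file mode/ACL on every open.
FIXED_SMB_CONF = WEAK_SMB_CONF.replace(
    "acl_xattr:ignore system acls = yes", "acl_xattr:ignore system acls = no")


def load_smb_conf(text: str) -> configparser.ConfigParser:
    """Parse smb.conf text.

    Only '=' separates keys from values (the parameter name itself contains
    a ':'), '%' macros must not be interpolated, and everything set in
    [global] is the default for every share.
    """
    cp = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False,
        default_section="global")
    cp.read_string(text)
    return cp


def _samba_bool(value: str) -> bool:
    """Samba accepts yes/true/1/on as true (assumed from common usage)."""
    return value.strip().lower() in {"yes", "true", "1", "on"}


def share_ignores_system_acls(cp: configparser.ConfigParser, share: str) -> bool:
    """True when acl_xattr is loaded for `share` AND it is told to ignore
    system ACLs. A share that does not load acl_xattr is unaffected even
    if the parameter is set globally."""
    modules = cp.get(share, "vfs objects", fallback="").split()
    if "acl_xattr" not in modules:
        return False
    return _samba_bool(cp.get(share, "acl_xattr:ignore system acls", fallback="no"))


def shares_ignoring_system_acls(cp: configparser.ConfigParser) -> list[str]:
    """Names of every share whose permission checks rely on Samba alone."""
    return [s for s in cp.sections() if share_ignores_system_acls(cp, s)]


if __name__ == "__main__":
    for label, text in (("weak", WEAK_SMB_CONF), ("fixed", FIXED_SMB_CONF)):
        print(label, shares_ignoring_system_acls(load_smb_conf(text)))
```

Samba's own parser is more forgiving than configparser (parameter names are case- and whitespace-insensitive and have synonyms), so on a live server feed the check the output of `testparm -s`, which prints the effective configuration, rather than the raw file.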
Vendors: Lenovo | Products (13): Thinkpad 25 Firmware, Thinkpad L560 Firmware, Thinkpad P50 Firmware, +10 more
Published: Oct 30, 2023 | Updated: Nov 21, 2024 | CVSS: v3 6.7 MEDIUM (v2 N/A, v4 N/A)
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.

Vendors: Tenable | Products: Nessus Network Monitor
Published: Oct 26, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
NNM failed to properly set ACLs on its installation directory, which could allow a low-privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location.

Vendors: Wenwen Ai | Products: Wenwenai Cms
Published: Oct 25, 2023 | Updated: Nov 21, 2024 | CVSS: v3 8.0 HIGH (v2 N/A, v4 N/A)
Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.

Vendors: Ellipticlabs | Products: Ai Virtual Presence Sensor, Virtual Lock Sensor
Published: Oct 25, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Vendors: Tinylab | Products: Cloud Lab, Linux Lab
Published: Oct 19, 2023 | Updated: Nov 21, 2024 | CVSS: v3 10.0 CRITICAL (v2 N/A, v4 N/A)
TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2 and v1.1-rc1 are vulnerable to insecure permissions. The default configuration could allow container escape.

Vendors: Solarwinds | Products: Access Rights Manager
Published: Oct 19, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
The SolarWinds Access Rights Manager was susceptible to a privilege escalation vulnerability. This vulnerability allows authenticated users to abuse local resources for privilege escalation.

Vendors: Solarwinds | Products: Access Rights Manager
Published: Oct 19, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
The SolarWinds Access Rights Manager was susceptible to a privilege escalation vulnerability. This vulnerability allows users to abuse incorrect folder permissions, resulting in privilege escalation.

Vendors: Tsplus | Products: Tsplus Remote Work
Published: Oct 17, 2023 | Updated: Nov 21, 2024 | CVSS: v3 9.8 CRITICAL (v2 N/A, v4 N/A)
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.

Vendors: Southrivertech | Products: Titan Ftp Server, Titan Mft Server
Published: Oct 16, 2023 | Updated: Nov 21, 2024 | CVSS: v3 4.9 MEDIUM (v2 N/A, v4 N/A)
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user that is authenticated to the OS to read sensitive files on the filesystem.

Vendors: Juniper | Products: Junos
Published: Oct 13, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1.

Vendors: Lenovo | Products (25): D330 10igl Firmware, Ideapad 5 Pro 16ach6 Firmware, Ideapad 5 Pro 16ihu6 Firmware, +22 more
Published: Oct 9, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices, which was mistakenly not deactivated, may allow an attacker with elevated privileges to modify the Secure Boot setting by modifying an NVRAM variable.

Vendors: Hitachi | Products: Jp1/performance Management
Published: Oct 3, 2023 | Updated: Nov 21, 2024 | CVSS: v3 7.8 HIGH (v2 N/A, v4 N/A)
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects the following JP1/Performance Management components:
- Manager: from 09-00 before 12-50-07
- Base: from 09-00 through 10-50-*
- Agent Option for Application Server: from 11-00 before 11-50-16
- Agent Option for Enterprise Applications: from 09-00 before 12-00-14
- Agent Option for HiRDB: from 09-00 before 12-00-14
- Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16
- Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14
- Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14
- Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07
- Agent Option for Oracle: from 09-00 before 12-10-08
- Agent Option for Platform: from 09-00 before 12-50-07
- Agent Option for Service Response: from 09-00 before 11-50-16
- Agent Option for Transaction System: from 11-00 before 12-00-14
- Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07
- Remote Monitor for Oracle: from 09-00 before 12-10-08
- Remote Monitor for Platform: from 09-00 before 12-10-08
- Remote Monitor for Virtual Machine: from 10-00 before 12-50-07
- Agent Option for Domino: from 09-00 through 09-00-*
- Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*
- Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*
- Agent Option for JP1/AJS3: from 09-00 through 10-00-*
- Agent Option for OpenTP1: from 09-00 through 10-00-*
- Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*
- Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*
- Agent Option for Virtual Machine: from 09-00 through 09-01-*