Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4065 1Redhat 3Jboss A Mq Jboss MiddlewareOpenshift Container Platform Nov 21, 2024 Sep 27, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access inf...Show more A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.Show less
CVE-2023-44157 1Acronis 1Cyber Protect Nov 21, 2024 Sep 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.
CVE-2022-4039 1Redhat 5Openshift Container Platform Openshift Container Platform For Ibm ZOpenshift Container Platform For Linuxone+2 more Nov 21, 2024 Sep 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code...Show more A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.Show less
CVE-2023-42261 1Opensecurity 1Mobile Security Framework Nov 21, 2024 Sep 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrus...Show more Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.Show less
CVE-2023-43496 1Jenkins 1Jenkins May 2, 2025 Sep 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing...Show more Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.Show less
CVE-2023-5042 1Acronis 1Cyber Protect Home Office Apr 10, 2026 Sep 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 4257...Show more Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.Show less
CVE-2023-4088 1Mitsubishielectric 1Gx Works3 Nov 21, 2024 Sep 20, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure,...Show more Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.Show less
CVE-2022-3466 2Kubernetes Redhat 2Cri O Openshift Container Platform Nov 21, 2024 Sep 15, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing t...Show more The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.Show less
CVE-2023-4664 1Adobe 1Connect May 21, 2026 Sep 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
CVE-2023-37878 1Wftpserver 1Wing Ftp Server Nov 21, 2024 Sep 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.
CVE-2023-31468 1Inosoft 1Visiwin 7 Nov 21, 2024 Sep 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse...Show more An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.Show less
CVE-2023-31068 1Tsplus 2Tsplus Remote Access Tsplus Remote Work Mar 3, 2026 Sep 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
CVE-2023-31067 1Tsplus 1Tsplus Remote Access Nov 21, 2024 Sep 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.
CVE-2023-34352 1Apple 5Ipados Iphone OsMacos+2 more Dec 12, 2024 Sep 6, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user accoun...Show more A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.Show less
CVE-2023-2737 1Thalesgroup 1Safenet Authentication Service Nov 21, 2024 Aug 16, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.
CVE-2023-32492 1Dell 1Powerscale Onefs Feb 20, 2026 Aug 16, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modif...Show more Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. Show less
CVE-2023-32663 1Intel 1Realsense Software Development Kit Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32547 1Topconpositioning 1Mavinci Desktop Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32543 1Intel 1Intelligent Test System Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31246 1Intel 1Server Debug And Provisioning Tool Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Previous 1...323334...76 Next