Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-27505 1Intel 1Advanced Link Analyzer Nov 21, 2024 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local ac...Show more Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2023-27392 1Intel 1Support Nov 21, 2024 Aug 11, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-43702 1Arm 6Arm Compiler Arm Compiler For Embedded FusaArm Compiler For Functional Safety+3 more Feb 13, 2025 Jul 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.
CVE-2022-43701 1Arm 11Arm Compiler Arm Compiler For Embedded FusaArm Compiler For Functional Safety+8 more Feb 13, 2025 Jul 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
CVE-2023-33745 1Teleadapt 1Roomcast Ta 2400 Firmware Nov 21, 2024 Jul 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a passwo...Show more TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).Show less
CVE-2023-38410 1Apple 3Ipados Iphone OsMacos Nov 21, 2024 Jul 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
CVE-2023-3323 1Abb 1Zenon Nov 21, 2024 Jul 24, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exp...Show more A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. Show less
CVE-2023-26077 1Atera 1Atera Nov 21, 2024 Jul 24, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.
CVE-2023-38335 1Omnis 1Studio Nov 21, 2024 Jul 20, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always p...Show more Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".Show less
CVE-2023-38334 1Omnis 1Studio Nov 21, 2024 Jul 20, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or p...Show more Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."Show less
CVE-2023-31462 1Steelseries 1Gg Nov 21, 2024 Jul 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.
CVE-2020-36695 1Hitachi 5Compute Systems Manager Device ManagerReplication Manager+2 more Nov 21, 2024 Jul 18, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on L...Show more Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08. Show less
CVE-2023-29131 1Siemens 2Simatic Cn 4100 Simatic Cn 4100 Firmware Feb 18, 2026 Jul 11, 2023 N/A· v4 10.0 CRITICAL· v3 N/A· v2 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.
CVE-2023-32183 1Opensuse 1Tumbleweed Nov 21, 2024 Jul 7, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed.
CVE-2023-21513 1Samsung 1Android Dec 5, 2024 Jun 28, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condit...Show more Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.Show less
CVE-2023-21512 1Samsung 1Android Nov 21, 2024 Jun 28, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
CVE-2023-21187 1Google 1Android Dec 5, 2024 Jun 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n...Show more In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246542917Show less
CVE-2023-21175 1Google 1Android Dec 5, 2024 Jun 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional executio...Show more In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574Show less
CVE-2023-20178 1Cisco 2Anyconnect Secure Mobility Client Secure Client Nov 21, 2024 Jun 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to ele...Show more A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.Show less
CVE-2023-30902 1Trendmicro 1Apex One Dec 5, 2024 Jun 26, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected reg...Show more A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.Show less

Previous 1...333435...76 Next