Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-22440 1Intel 1Setup And Configuration Software Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41687 1Intel 1Nuc P14e Laptop Element Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege...Show more Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2022-40971 1Intel 1Nuc Hdmi Firmware Update Tool Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36391 1Intel 1Nuc Pro Software Suite Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-33963 1Intel 1Unite Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local a...Show more Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2022-30338 1Intel 1Virtual Raid On Cpu Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28192 1Apple 1Macos Jan 29, 2025 May 8, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information.
CVE-2023-23059 1Geovision 1Gv Edge Recording Manager Jan 29, 2025 May 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated pr...Show more An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.Show less
CVE-2023-22651 1Suse 1Rancher Jan 29, 2025 May 4, 2023 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enfor...Show more Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. Show less
CVE-2023-28724 1F5 3Nginx Api Connectivity Manager Nginx Instance ManagerNginx Security Monitoring Apr 10, 2025 May 3, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions w...Show more NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2022-30759 1Nokia 1One Nds Jan 30, 2025 May 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.
CVE-2023-1809 1W3eden 1Download Manager Mar 21, 2025 May 2, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.
CVE-2023-27035 1Obsidian 1Obsidian Jan 30, 2025 May 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.
CVE-2022-4568 1Lenovo 1System Update Jan 30, 2025 May 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVE-2023-29058 1Lenovo 109Thinkagile Hx1021 Firmware Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more Nov 21, 2024 Apr 28, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no...Show more A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.Show less
CVE-2023-29057 1Lenovo 109Thinkagile Hx1021 Firmware Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentica...Show more A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.Show less
CVE-2022-38583 1Sage 1Sage 300 Jan 31, 2025 Apr 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the...Show more On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server.Show less
CVE-2021-23166 1Odoo 1Odoo Feb 3, 2025 Apr 25, 2023 N/A· v4 8.7 HIGH· v3 N/A· v2 A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
CVE-2022-31244 1Nokia 1One Network Directory Server Feb 3, 2025 Apr 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.
CVE-2023-29923 1Powerjob 1Powerjob Feb 5, 2025 Apr 19, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.

Previous 1...363738...76 Next