CWE-276: Incorrect Default Permissions

1,508 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

During installation, installed file permissions are set to allow anyone to modify those files.


CVEs (1,508)

Each entry lists the vendors, the products, the updated and published dates, the CVSS scores (v2, v3, v4) and the description.
Vendors: Openrisc
Products: Mor1kx Firmware
Updated: Feb 6, 2025 · Published: Apr 18, 2023
CVSS: v3 7.8 HIGH · v2 N/A · v4 N/A
An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR.

Vendors: Juniper
Products: Junos Os Evolved
Updated: Nov 21, 2024 · Published: Apr 17, 2023
CVSS: v3 7.8 HIGH · v2 N/A · v4 N/A
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.

Vendors: Dualspace
Products: Lock Master
Updated: Feb 10, 2025 · Published: Apr 14, 2023
CVSS: v3 7.1 HIGH · v2 N/A · v4 N/A
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.

Vendors: Filereplicationpro
Products: File Replication Pro
Updated: Feb 7, 2025 · Published: Apr 14, 2023
CVSS: v3 9.8 CRITICAL · v2 N/A · v4 N/A
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.

Vendors: Tigergraph
Products: Cloud, Tigergraph Enterprise
Updated: Feb 7, 2025 · Published: Apr 13, 2023
CVSS: v3 8.8 HIGH · v2 N/A · v4 N/A
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.

Vendors: Dell
Products: Trusted Device Agent
Updated: Nov 21, 2024 · Published: Apr 6, 2023
CVSS: v3 7.8 HIGH · v2 N/A · v4 N/A
Dell Trusted Device Agent, versions prior to 5.3.0, contains an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

Vendors: Fluentd
Products: Fluentd, Fluentd Ui
Updated: Jun 9, 2025 · Published: Apr 4, 2023
CVSS: v3 8.8 HIGH · v2 N/A · v4 N/A
An issue discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.

Vendors: Coredial
Products: Sipxcom
Updated: Feb 13, 2025 · Published: Apr 4, 2023
CVSS: v3 8.8 HIGH · v2 N/A · v4 N/A
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.

Vendors: Dell
Products: Emc Powerscale Onefs
Updated: Nov 21, 2024 · Published: Apr 4, 2023
CVSS: v3 7.8 HIGH · v2 N/A · v4 N/A
Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Vendors: Nvidia
Products: Virtual Gpu
Updated: Nov 21, 2024 · Published: Apr 1, 2023
CVSS: v3 7.1 HIGH · v2 N/A · v4 N/A
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.

Vendors: Huawei
Products: Emui, Harmonyos
Updated: Nov 21, 2024 · Published: Mar 27, 2023
CVSS: v3 7.5 HIGH · v2 N/A · v4 N/A
The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.

Vendors: Openstack, Redhat
Products: Openstack, Openstack For Ibm Power, Tripleo Ansible
Updated: Nov 21, 2024 · Published: Mar 23, 2023
CVSS: v3 5.5 MEDIUM · v2 N/A · v4 N/A
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

Vendors: Openstack, Redhat
Products: Openstack, Openstack For Ibm Power, Tripleo Ansible
Updated: Nov 21, 2024 · Published: Mar 23, 2023
CVSS: v3 5.5 MEDIUM · v2 N/A · v4 N/A
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

Vendors: Cilium
Products: Cilium
Updated: Nov 21, 2024 · Published: Mar 17, 2023
CVSS: v3 5.5 MEDIUM · v2 N/A · v4 N/A
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible.

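A check for the RBAC workaround the entry describes, as an added example that is neither Cilium's nor Kubernetes' code: it takes Role, ClusterRole, RoleBinding and ClusterRoleBinding objects in the JSON shape `kubectl get ... -o json` returns (here as plain dicts) and lists every subject that can `create` the `pods/exec` subresource in a namespace, which is the permission `kubectl exec` needs. Kubernetes RBAC is allow-only, so "deny exec" means no binding may grant it. The sample objects, role, binding and subject names are constructed; aggregated ClusterRoles and `impersonate` rights are not expanded, so treat the result as a lower bound.

```python
"""List subjects that can exec into pods of a namespace from RBAC objects.
Added example with constructed sample data; not Cilium's or Kubernetes' code."""
from typing import Dict, Iterable, List, Tuple

EXEC_RESOURCE = "pods/exec"  # the subresource `kubectl exec` creates


def rule_allows_exec(rule: Dict) -> bool:
    """True if one RBAC rule grants `create` on pods/exec.

    `pods` alone does not cover the exec subresource; `*` and `pods/*` do.
    A rule with resourceNames still allows exec into the named pods, so it
    is reported as well.
    """
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = rule.get("verbs", [])
    group_ok = "*" in groups or "" in groups  # pods live in the core ("") group
    resource_ok = any(r in ("*", "pods/*", EXEC_RESOURCE) for r in resources)
    verb_ok = "*" in verbs or "create" in verbs
    return group_ok and resource_ok and verb_ok


def exec_capable_subjects(roles: Iterable[Dict], bindings: Iterable[Dict],
                          namespace: str) -> List[Tuple[str, str, str]]:
    """Return sorted (subject kind, subject name, binding name) for every subject
    able to exec into pods in `namespace`.

    A RoleBinding may reference a ClusterRole, in which case the ClusterRole's
    rules apply only inside the binding's namespace; a ClusterRoleBinding
    applies them cluster-wide.
    """
    exec_roles = set()
    for role in roles:
        if any(rule_allows_exec(r) for r in role.get("rules", [])):
            ns = role["metadata"].get("namespace", "") if role["kind"] == "Role" else ""
            exec_roles.add((role["kind"], ns, role["metadata"]["name"]))

    found = set()
    for binding in bindings:
        ref = binding["roleRef"]
        if binding["kind"] == "ClusterRoleBinding":
            if ref["kind"] != "ClusterRole":
                continue  # the API server rejects such a binding; skip it
            key = ("ClusterRole", "", ref["name"])
        else:
            b_ns = binding["metadata"].get("namespace", "")
            if b_ns != namespace:
                continue
            key = (ref["kind"], "" if ref["kind"] == "ClusterRole" else b_ns, ref["name"])
        if key not in exec_roles:
            continue
        for subj in binding.get("subjects", []):
            found.add((subj["kind"], subj["name"], binding["metadata"]["name"]))
    return sorted(found)


# Constructed sample objects; names are assumptions, not from a real cluster.
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "full-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "agent-debugger", "namespace": "kube-system"},
     "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
    {"kind": "Role", "metadata": {"name": "agent-debugger", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
]
SAMPLE_BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "admins"},
     "roleRef": {"kind": "ClusterRole", "name": "full-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "viewers"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-viewer"},
     "subjects": [{"kind": "ServiceAccount", "name": "monitor", "namespace": "monitoring"}]},
    {"kind": "RoleBinding", "metadata": {"name": "sre-debug", "namespace": "kube-system"},
     "roleRef": {"kind": "Role", "name": "agent-debugger"},
     "subjects": [{"kind": "Group", "name": "sre"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-debug", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "agent-debugger"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
]


def audit_sample(namespace: str = "kube-system") -> List[Tuple[str, str, str]]:
    """Run the check over the constructed objects for the agent pods' namespace."""
    return exec_capable_subjects(SAMPLE_ROLES, SAMPLE_BINDINGS, namespace)


if __name__ == "__main__":
    for kind, name, via in audit_sample():
        print(f"{kind} {name} can exec into kube-system pods via {via}")
```

Against the constructed data the check reports `alice` (cluster-wide through `full-admin`) and the `sre` group (through the namespaced binding) for `kube-system`, and leaves out `monitor`, whose `pods` and `pods/log` rights do not extend to the exec subresource. Every subject it lists who is not entitled to node access is exactly the case the entry says has no workaround short of upgrading.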
Vendors: Ibm
Products: Manage Application
Updated: Nov 21, 2024 · Published: Mar 15, 2023
CVSS: v3 6.5 MEDIUM · v2 N/A · v4 N/A
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.

Vendors: Gitlab
Products: Gitlab
Updated: Nov 21, 2024 · Published: Mar 9, 2023
CVSS: v3 5.4 MEDIUM · v2 N/A · v4 N/A
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a user's private snippet.

Vendors: Google
Products: Chrome
Updated: Nov 21, 2024 · Published: Mar 7, 2023
CVSS: v3 4.3 MEDIUM · v2 N/A · v4 N/A
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendors: Moodle
Products: Moodle
Updated: Mar 7, 2025 · Published: Mar 6, 2023
CVSS: v3 5.3 MEDIUM · v2 N/A · v4 N/A
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

Vendors: Moodle
Products: Moodle
Updated: Mar 7, 2025 · Published: Mar 6, 2023
CVSS: v3 5.3 MEDIUM · v2 N/A · v4 N/A
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.

Vendors: Zbt
Products: We1626 Firmware
Updated: Mar 7, 2025 · Published: Mar 3, 2023
CVSS: v3 7.5 HIGH · v2 N/A · v4 N/A
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via the SPI bus interface connected to the pinout of the NAND flash memory.