Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25540 1Dell 1Emc Powerscale Onefs Nov 21, 2024 Feb 28, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.
CVE-2022-3884 1Hitachi 1Ops Center Analyzer Nov 21, 2024 Feb 28, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops...Show more Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. Show less
CVE-2020-36652 1Hitachi 5Automation Director Infrastructure Analytics AdvisorOps Center Analyzer+2 more Nov 21, 2024 Feb 28, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitach...Show more Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. Show less
CVE-2022-40232 1Ibm 1Sterling B2b Integrator Nov 21, 2024 Feb 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID:...Show more IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. Show less
CVE-2021-34182 1Ttyd Project 1Ttyd Mar 18, 2025 Feb 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions.
CVE-2021-34164 1Lizhifaka Project 1Lizhifaka Mar 18, 2025 Feb 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.
CVE-2022-36397 1Intel 1Quickassist Technology Nov 21, 2024 Feb 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-33196 1Intel 136Xeon D 1513n Firmware Xeon D 1518 FirmwareXeon D 1520 Firmware+133 more Nov 21, 2024 Feb 16, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation...Show more Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.Show less
CVE-2023-23850 1Jenkins 1Synopsys Coverity Mar 18, 2025 Feb 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-23848 1Jenkins 1Synopsys Coverity Mar 18, 2025 Feb 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtain...Show more Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2022-45153 2Opensuse Suse 3Leap Linux Enterprise Module For Sap ApplicationsLinux Enterprise Server Nov 21, 2024 Feb 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attacke...Show more An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.Show less
CVE-2023-22931 1Splunk 2Splunk Splunk Cloud Platform Nov 21, 2024 Feb 14, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been...Show more In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.Show less
CVE-2022-45454 1Acronis 2Agent Cyber Protect Nov 21, 2024 Feb 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2023-21433 1Samsung 1Galaxy Store Nov 21, 2024 Feb 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
CVE-2022-31254 1Opensuse 1Rmt Server Nov 21, 2024 Feb 7, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUS...Show more A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.Show less
CVE-2022-23454 1Hp 1Support Assistant Mar 27, 2025 Feb 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized...Show more Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.Show less
CVE-2022-23453 1Hp 1Support Assistant Mar 27, 2025 Feb 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized...Show more Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.Show less
CVE-2022-45099 1Dell 1Emc Powerscale Onefs Nov 21, 2024 Feb 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise
CVE-2022-48199 1Softperfect 1Networx Apr 2, 2025 Jan 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications functio...Show more SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system.Show less
CVE-2022-47040 1Askey 1Rtf3505vw N1 Firmware Apr 2, 2025 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets t...Show more An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.Show less

Previous 1...383940...76 Next