Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-3432 1Lenovo 1Ideapad Y700 14isk Firmware Nov 21, 2024 Jan 26, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modify...Show more A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.Show less
CVE-2022-20456 1Google 1Android Apr 2, 2025 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileg...Show more In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780Show less
CVE-2022-3430 1Lenovo 44D330 10igl Firmware Ideapad 5 Pro 16arh7 FirmwareIdeapad 5 Pro 16iah7 Firmware+41 more Nov 21, 2024 Jan 23, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2022-1109 1Lenovo 1Leyun Nov 21, 2024 Jan 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.
CVE-2023-20043 1Cisco 1Cx Cloud Agent Nov 21, 2024 Jan 20, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability...Show more A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.Show less
CVE-2022-45924 1Opentext 1Opentext Extended Ecm Apr 4, 2025 Jan 18, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
CVE-2020-36611 1Hitachi 1Tuning Manager Nov 21, 2024 Jan 17, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Age...Show more Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00. Show less
CVE-2023-23566 1Axigen 1Axigen Mail Server Apr 7, 2025 Jan 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook o...Show more A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.Show less
CVE-2022-46761 1Huawei 2Emui Harmonyos Apr 9, 2025 Jan 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.
CVE-2021-4297 1Jobe Project 1Jobe May 28, 2025 Jan 1, 2023 N/A· v4 9.8 CRITICAL· v3 4.9 MEDIUM· v2 A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argum...Show more A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The patch is identified as 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability.Show less
CVE-2019-9579 2Illumos Oracle 2Illumos Solaris Apr 14, 2025 Dec 26, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This...Show more An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).Show less
CVE-2022-3155 1Mozilla 1Thunderbird Apr 15, 2025 Dec 22, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the applic...Show more When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.Show less
CVE-2022-29909 1Mozilla 3Firefox Firefox EsrThunderbird Apr 16, 2025 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerabi...Show more Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.Show less
CVE-2022-47551 1Apiman 1Apiman Apr 17, 2025 Dec 20, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was...Show more Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.Show less
CVE-2022-20611 1Google 1Android Apr 22, 2025 Dec 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execu...Show more In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180Show less
CVE-2022-20495 1Google 1Android Apr 22, 2025 Dec 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no addi...Show more In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844Show less
CVE-2022-20475 1Google 1Android Apr 22, 2025 Dec 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional executi...Show more In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194Show less
CVE-2022-20474 1Google 1Android Apr 22, 2025 Dec 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileg...Show more In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294Show less
CVE-2022-42446 1Hcltech 1Sametime Apr 24, 2025 Dec 12, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.
CVE-2022-37018 1Hp 75Elite Slice Firmware Elite X2 1012 G1 FirmwareElite X2 1012 G2 Firmware+72 more Apr 29, 2025 Dec 12, 2022 N/A· v4 8.4 HIGH· v3 N/A· v2 A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerab...Show more A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.Show less

Previous 1...394041...76 Next