Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1038 1Hp 1Jumpstart Apr 29, 2025 Dec 12, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.
CVE-2021-3437 1Hp 2Omen Gaming Hub Omen Gaming Hub Sdk Apr 29, 2025 Dec 12, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulne...Show more Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.Show less
CVE-2022-45118 1Openharmony 1Openharmony Nov 21, 2024 Dec 8, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and...Show more OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.Show less
CVE-2022-46382 1Rackn 1Digital Rebar Apr 23, 2025 Dec 6, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens ti...Show more RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.Show less
CVE-2022-27773 1Ivanti 1Endpoint Manager Apr 24, 2025 Dec 5, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
CVE-2022-45562 1Telosalliance 1Omnia Mpx Node Firmware Apr 24, 2025 Dec 2, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute a...Show more Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.Show less
CVE-2022-44929 1D Link 1Dvg G5402sp Firmware Apr 24, 2025 Dec 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.
CVE-2022-42718 1Ni 1Labview Command Line Interface Apr 24, 2025 Dec 1, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-4020 1Acer 5Aspire A115 21 Firmware Aspire A315 22 FirmwareAspire A315 22g Firmware+2 more Nov 21, 2024 Nov 28, 2022 N/A· v4 8.2 HIGH· v3 N/A· v2 Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
CVE-2022-41943 1Sourcegraph 1Sourcegraph Nov 21, 2024 Nov 22, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been d...Show more sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.Show less
CVE-2022-42130 1Liferay 2Digital Experience Platform Liferay Portal Apr 30, 2025 Nov 15, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries,...Show more The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.Show less
CVE-2022-42128 1Liferay 2Digital Experience Platform Liferay Portal Apr 30, 2025 Nov 15, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getS...Show more The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.Show less
CVE-2022-42127 1Liferay 2Digital Experience Platform Liferay Portal Apr 30, 2025 Nov 15, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URL...Show more The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.Show less
CVE-2022-36377 1Intel 1Nuc Kit Wireless Adapter Driver Installer Nov 21, 2024 Nov 11, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable e...Show more Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2022-36367 1Intel 1Support Feb 5, 2025 Nov 11, 2022 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-44561 1Huawei 2Emui Harmonyos May 1, 2025 Nov 9, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
CVE-2022-44557 1Huawei 2Emui Harmonyos May 1, 2025 Nov 9, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-44554 1Huawei 2Emui Harmonyos May 1, 2025 Nov 9, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.
CVE-2022-44548 1Huawei 2Emui Harmonyos May 1, 2025 Nov 9, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluet...Show more There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.Show less
CVE-2022-34824 1Nec 2Expresscluster X Expresscluster X Singleserversafe May 1, 2025 Nov 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 Si...Show more Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.Show less

Previous 1...404142...76 Next