Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-39087 1Ibm 1Sterling B2b Integrator Nov 21, 2024 Aug 16, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission cont...Show more IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.Show less
CVE-2021-30490 1Power Software Download 1Viewpower Nov 21, 2024 Aug 16, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
CVE-2022-20272 1Google 1Android Nov 21, 2024 Aug 12, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User i...Show more In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672568Show less
CVE-2022-20246 1Google 1Android Nov 21, 2024 Aug 11, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional e...Show more In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191Show less
CVE-2022-37006 1Huawei 2Emui Harmonyos Nov 21, 2024 Aug 10, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability.
CVE-2022-37003 1Huawei 3Emui HarmonyosMagic Ui Sep 8, 2025 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.
CVE-2022-37030 1Grommunio 1Gromox Nov 21, 2024 Aug 4, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading t...Show more Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.Show less
CVE-2022-22424 1Ibm 1Qradar Security Information And Event Manager Nov 21, 2024 Jul 20, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.
CVE-2022-34737 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Jul 12, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
CVE-2022-30758 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
CVE-2022-30753 1Google 1Android Nov 21, 2024 Jul 12, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
CVE-2022-2366 1Mattermost 1Mattermost Server Nov 21, 2024 Jul 12, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the...Show more Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.Show less
CVE-2022-32207 6Apple DebianFedoraproject+3 more 14Bootstrap Os Clustered Data OntapCurl+11 more Apr 23, 2025 Jul 7, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation...Show more When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.Show less
CVE-2022-33996 1Devolutions 1Devolutions Server Nov 21, 2024 Jul 7, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
CVE-2022-2270 1Gitlab 1Gitlab Nov 21, 2024 Jul 1, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan pack...Show more An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification.Show less
CVE-2022-33023 1Openhwgroup 1Cva6 Nov 21, 2024 Jun 29, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.
CVE-2021-41637 1Melag 1Ftp Server Nov 21, 2024 Jun 24, 2022 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.
CVE-2021-41635 1Melag 1Ftp Server Nov 21, 2024 Jun 24, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.
CVE-2022-1833 1Redhat 1Amq Broker Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by che...Show more A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.Show less
CVE-2022-33912 2Checkmk Tribe29 2Checkmk Checkmk Nov 21, 2024 Jun 17, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents...Show more A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.Show less

Previous 1...434445...76 Next