Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-44215 1Northern.tech 1Cfengine Nov 21, 2024 Mar 10, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.
CVE-2021-40059 1Huawei 2Emui Magic Ui Nov 21, 2024 Mar 10, 2022 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40053 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Mar 10, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity.
CVE-2021-40049 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Mar 10, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.
CVE-2021-3981 2Fedoraproject Gnu 2Fedora Grub2 Nov 21, 2024 Mar 10, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality...Show more A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.Show less
CVE-2021-32006 1Secomea 1Gatemanager Nov 21, 2024 Mar 10, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored Si...Show more This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.Show less
CVE-2021-20269 1Kexec Tools Project 1Kexec Tools Nov 21, 2024 Mar 10, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from t...Show more A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.Show less
CVE-2022-25943 1Kingsoft 1Wps Office Nov 21, 2024 Mar 9, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
CVE-2021-38268 1Liferay 2Digital Experience Platform Liferay Portal Nov 21, 2024 Mar 2, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permission...Show more The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.Show less
CVE-2021-41652 1Batflat 1Batflat Nov 21, 2024 Mar 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.
CVE-2021-37103 1Huawei 2Emui Magic Ui Nov 21, 2024 Feb 25, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2022-24343 1Jetbrains 1Youtrack Nov 21, 2024 Feb 25, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
CVE-2022-24337 1Jetbrains 1Teamcity Nov 21, 2024 Feb 25, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
CVE-2022-25327 1Google 1Fscrypt Nov 21, 2024 Feb 25, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by cre...Show more The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or aboveShow less
CVE-2022-23922 1Win 911 2Win 911 2021 R1 Win 911 2021 R2 Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.
CVE-2022-23104 1Win 911 2Win 911 2021 R1 Win 911 2021 R2 Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privileg...Show more WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.Show less
CVE-2021-45083 2Cobbler Project Fedoraproject 2Cobbler Fedora Nov 21, 2024 Feb 20, 2022 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the se...Show more An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.Show less
CVE-2021-3948 2Konveyor Redhat 2Mig Controller Migration Toolkit Nov 21, 2024 Feb 18, 2022 N/A· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting con...Show more An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.Show less
CVE-2021-3155 1Canonical 2Snapd Ubuntu Linux Nov 21, 2024 Feb 17, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd...Show more snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1Show less
CVE-2021-20001 2Debian Skolelinux 2Debian Edu Config Debian Linux Nov 21, 2024 Feb 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privile...Show more It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.Show less

Previous 1...474849...76 Next