Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-23996 1Samsung 1Wear Os Nov 21, 2024 Feb 11, 2022 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission.
CVE-2022-23995 1Samsung 1Wear Os Nov 21, 2024 Feb 11, 2022 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
CVE-2021-39658 1Google 1Android Nov 21, 2024 Feb 11, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service，but it does not check the permissions of the caller，resulting in permission leaks。Third-party apps can use this...Show more ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service，but it does not check the permissions of the caller，resulting in permission leaks。Third-party apps can use this service to arbitrarily modify and set system properties。Product: AndroidVersions: Android SoCAndroid ID: A-207479207Show less
CVE-2021-39635 1Google 1Android Nov 21, 2024 Feb 11, 2022 N/A· v4 9.1 CRITICAL· v3 9.4 HIGH· v2 ims_ex is a vendor system service used to manage VoLTE in unisoc devices，But it does not verify the caller's permissions，so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage V...Show more ims_ex is a vendor system service used to manage VoLTE in unisoc devices，But it does not verify the caller's permissions，so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634Show less
CVE-2020-14521 1Mitsubishielectric 46C Controller Interface Module Utility C Controller Module Setting And Monitoring ToolCc Link Ie Control Network Data Collector+43 more Nov 21, 2024 Feb 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, an...Show more Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.Show less
CVE-2022-21204 1Intel 1Quartus Prime May 5, 2025 Feb 9, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-33166 1Intel 1Retail Experience Tool May 5, 2025 Feb 9, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2021-33129 1Intel 1Advisor May 5, 2025 Feb 9, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-22817 1Schneider Electric 37Hmibmiea5dd1001 Firmware Hmibmiea5dd100a FirmwareHmibmiea5dd1101 Firmware+34 more Nov 21, 2024 Feb 9, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (A...Show more A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)Show less
CVE-2021-0093 2Intel Netapp 681Atom C3308 Atom C3336Atom C3338+678 more May 5, 2025 Feb 9, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
CVE-2022-24113 1Acronis 4Agent Cyber ProtectCyber Protect Home Office+1 more Nov 21, 2024 Feb 4, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147,...Show more Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287Show less
CVE-2022-24301 2Debian Minetest 2Debian Linux Minetest Nov 21, 2024 Feb 2, 2022 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
CVE-2021-46093 1Elitecms 1Elite Cms Nov 21, 2024 Feb 1, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.
CVE-2021-40416 1Reolink 1Rlc 410w Firmware Nov 21, 2024 Jan 28, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already e...Show more An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2021-40415 1Reolink 1Rlc 410w Firmware Nov 21, 2024 Jan 28, 2022 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the us...Show more An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device.Show less
CVE-2021-40414 1Reolink 1Rlc 410w Firmware Nov 21, 2024 Jan 28, 2022 N/A· v4 7.1 HIGH· v3 5.5 MEDIUM· v2 An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the abi...Show more An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters.Show less
CVE-2021-40413 1Reolink 1Rlc 410w Firmware Nov 21, 2024 Jan 28, 2022 N/A· v4 7.1 HIGH· v3 6.5 MEDIUM· v2 An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifi...Show more An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2021-40397 1Advantech 1Wise Paas/ota Nov 21, 2024 Jan 28, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker c...Show more A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-40396 1Advantech 1Deviceon/iservice Nov 21, 2024 Jan 28, 2022 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can...Show more A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-40389 1Advantech 1Deviceon/iedge Nov 21, 2024 Jan 28, 2022 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker...Show more A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.Show less

Previous 1...484950...76 Next