CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2024-42419 MEDIUM
Intel(R) GPA < - Privilege Escalation
CVSS 6.7
CVE-2024-32942 MEDIUM
Intel(R) DSA Installer <24.2.19.5 - Privilege Escalation
CVSS 6.7
CVE-2024-55215 CRITICAL
jrohy/trojan 2.0.0-2.15.3 - Unauthenticated Privilege Escalation via Initialization Interface
CVSS 9.8
CVE-2024-11468 HIGH
Omnissa Horizon Client - Privilege Escalation
CVSS 7.8
CVE-2024-57548 CRITICAL
CMSimple 5.16 - Unauthenticated Arbitrary File Write via Log.php Print Page
CVSS 9.1
CVE-2024-55930 MEDIUM
Xerox Workplace Suite < 5.6.701.9 - Unauthorized File Access via Weak Default Permissions
CVSS 6.7
CVE-2024-55957 HIGH
Thermo Fisher Scientific Xcalibur <4.7 SP1 & Thermo Foundation ICSW...
CVSS 7.8
CVE-2024-49744 HIGH
Android - Local Privilege Escalation via Unsafe Deserialization in AccountManagerService
CVSS 7.8
CVE-2024-49737 HIGH
WindowOrganizerController - Privilege Escalation
CVSS 7.8
CVE-2024-49735 HIGH
Multiple Locations - Privilege Escalation
CVSS 7.8
CVE-2024-49732 HIGH
CompanionDeviceManagerService - Privilege Escalation
CVSS 7.8
CVE-2024-49724 HIGH
AccountManagerService - Privilege Escalation
CVSS 7.0
CVE-2024-43765 HIGH
Android - Local Privilege Escalation via Tapjacking/Overlay Attack
CVSS 7.8
CVE-2024-34730 HIGH
Android - Local Privilege Escalation via Bluetooth HID Consent Bypass
CVSS 7.8
CVE-2024-55959 CRITICAL
Northern.tech Mender Client <4.0.5 - Privilege Escalation
CVSS 9.1
CVE-2024-40514 MEDIUM
themesebrand Chatvia <5.3.2 - Privilege Escalation
CVSS 4.6
CVE-2024-57684 CRITICAL
D-Link DIR-816A2_FWv1.10CNB05_R1B011D88210 - Unauthenticated DMZ Configuration Change via formDMZ.cgi
CVSS 9.8
CVE-2024-52783 MEDIUM
XINJE XDPPro.exe 3.2.2-3.7.17c - Arbitrary Code Execution via Configuration File Modification
CVSS 5.1
CVE-2024-46464 HIGH
PRIMX ZED Enterprise <2024.3 - Privilege Escalation
CVSS 7.8
CVE-2024-55225 CRITICAL
Vaultwarden < 1.32.5 - Authentication Bypass via Crafted Authorization Request
CVSS 9.8
CVE-2024-46505 CRITICAL
Infoblox BloxOne v2.4 - Info Disclosure
CVSS 9.1
CVE-2024-13206 HIGH
REVE Antivirus 1.0.0.0 - Info Disclosure
CVSS 7.8
CVE-2024-13188 MEDIUM
MicroWorld eScan Antivirus 7.0.32 - Info Disclosure
CVSS 5.3
CVE-2024-56447 HIGH
Window Management Module - Info Disclosure
CVSS 7.8
CVE-2024-56440 MEDIUM
Connectivity module - Info Disclosure
CVSS 6.2