CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2024-46462 HIGH
ZEDMAIL <2024.3 - Privilege Escalation
CVSS 7.8
CVE-2024-42188 LOW
HCL Connections - Unauthenticated Broken Access Control
CVSS 3.7
CVE-2024-52551 HIGH
Jenkins Pipeline < 2.2214.vb_b_34b_2ea_9b_83 - Unapproved Script Execution via Build Restart
CVSS 8.0
CVE-2024-35201 MEDIUM
Intel Server Debug and Provisioning Tool - Incorrect Default Permissions
CVSS 6.7
CVE-2024-29083 MEDIUM
Intel(R) Distribution for Python <2024.2 - Privilege Escalation
CVSS 6.7
CVE-2024-25647 MEDIUM
Intel(R) Binary Configuration Tool <3.4.5 - Privilege Escalation
CVSS 6.7
CVE-2024-21820 HIGH
Intel(R) Xeon(R) processor < - Privilege Escalation
CVSS 7.2
CVE-2024-43089 HIGH
MediaProvider <updateInternal> - Privilege Escalation
CVSS 7.8
CVE-2024-43086 MEDIUM
Android - Local Information Disclosure via Confused Deputy in AccountManagerService
CVSS 5.5
CVE-2024-43085 HIGH
Android - Local Privilege Escalation via USB Device Manager Logic Error
CVSS 7.8
CVE-2024-43081 HIGH
Android - Local Privilege Escalation via InstallPackageHelper Logic Error
CVSS 7.8
CVE-2024-40661 HIGH
Android - Missing Authorization for Microphone Access in AdminRestrictedPermissionsUtils
CVSS 7.8
CVE-2024-40660 HIGH
Android - Local Privilege Escalation via SurfaceFlinger setTransactionState Logic Error
CVSS 7.8
CVE-2024-49504 HIGH
openSUSE Tumbleweed < 2.12-28.1 - Unauthenticated File Access via GRUB Shell
CVE-2024-21958 HIGH
AMD Provisioning Console - Privilege Escalation
CVSS 7.3
CVE-2024-21957 HIGH
AMD Management Console - Privilege Escalation
CVSS 7.3
CVE-2024-21946 HIGH
AMD Ryzen Master Utility < 2.13.1.3097 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.3
CVE-2024-21945 HIGH
AMD Ryzen Master Monitoring SDK < 2.13.0.2915 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.3
CVE-2024-21939 HIGH
AMD Cloud Manageability Service < 2.0.0.232 - Privilege Escalation via Insecure Installation Directory Permissions
CVSS 7.3
CVE-2024-21938 HIGH
AMD Management Plugin for SCCM < 7.0.0.1318 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.3
CVE-2024-21937 HIGH
AMD Radeon Software < 24.6.1, < 24.7.1, < 24.q2 & HIP < 24.10.16 - Privilege Escalation via Default Permissions
CVSS 7.3
CVE-2024-46894 MEDIUM
SINEC INS < V1.0 SP2 Update 3 - Authenticated Information Disclosure and Configuration Modification via SFTP Users API
CVSS 6.3
CVE-2024-47593 MEDIUM
SAP NetWeaver Application Server ABAP - Info Disclosure
CVSS 4.3
CVE-2024-43430 MEDIUM
Moodle 4.4.0-4.4.2 - Insufficient Access Control in External API Quiz Access
CVSS 5.3
CVE-2024-50590 HIGH
Elefant <unknown - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities 1,510
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits