CWE-276

Exploit likelihood: Medium

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2024-36063 HIGH
Goodwy dialer <5.1.0 - Code Injection
CVSS 7.5
CVE-2024-34679 MEDIUM
Samsung Android - Incorrect Default Permissions in Crane
CVSS 4.0
CVE-2024-9191 HIGH
Okta Verify 5.0.2-5.3.2 - Unauthenticated Password Exposure via OktaDeviceAccessPipe
CVSS 7.1
CVE-2024-48572 MEDIUM
aquilacms < 1.409.20 - Unauthenticated User Enumeration via Add User Feature
CVSS 5.3
CVE-2024-44228 HIGH
Xcode < 16 - Unprotected User Data Exposure via Permission Inheritance
CVSS 7.5
CVE-2024-40792 LOW
macOS Sequoia <15 - Privilege Escalation
CVSS 3.3
CVE-2024-42028 HIGH
UniFi Network Server <8.4.62 - Privilege Escalation
CVSS 8.8
CVE-2024-10469 MEDIUM
VINCE < 3.0.9 - Authenticated User Information Exposure
CVSS 6.5
CVE-2024-47016 HIGH
Insecure Default - Privilege Escalation
CVSS 7.8
CVE-2024-47014 HIGH
Android <2024-10-05 - Privilege Escalation
CVSS 8.8
CVE-2024-47013 HIGH
Android - Local Privilege Escalation via Uninitialized Data in flexpmu_cal_rae.c
CVSS 7.8
CVE-2024-47012 HIGH
Google Android - Memory Corruption in mm_GmmPduCodec
CVSS 7.8
CVE-2024-44100 HIGH
Android < 2024-10-05 - Information Disclosure in Modem Component
CVSS 7.5
CVE-2024-9947 HIGH
ProfilePress Pro <4.11.1 - Auth Bypass
CVSS 8.1
CVE-2024-7587 HIGH
Mitsubishi Electric GENESIS64 <= 10.97.3 - Authenticated Info Disclosure & DoS via GenBroker32
CVSS 7.8
CVE-2024-10183 MEDIUM
Jamf Pro 11.1-11.4 and 1.0.0-1.2.9 - Local Privilege Escalation via Jamf Remote Assist
CVE-2024-35287 MEDIUM
Mitel MiCollab <= 9.8.1.5 - Authenticated Privilege Escalation via NuPoint Messenger Component
CVSS 6.7
CVE-2024-47825 MEDIUM
Cilium <1.14.16, <1.15.10 - Info Disclosure
CVSS 4.0
CVE-2024-47240 MEDIUM
Dell SCG 5.24 - Privilege Escalation
CVSS 5.5
CVE-2024-49389 HIGH
Acronis Cyber Files <9.0.0x24 - Privilege Escalation
CVSS 7.8
CVE-2024-9858 HIGH
Google Cloud Migrate to Containers 1.1.0-1.2.2 - Insecure Default Administrator Privileges for Local User
CVSS 7.8
CVE-2024-48823 CRITICAL
Automatic Systems Maintenance SlimLane 29565 - Privilege Escalation
CVSS 9.8
CVE-2024-48822 HIGH
Automatic Systems Maintenance SlimLane 29565_d74ecce0 - Privilege Es...
CVSS 8.8
CVE-2024-5474 MEDIUM
Lenovo Dolby Vision Provisioning < 2.0.0.2 - Information Disclosure via Insecure Installation Permissions
CVSS 5.5
CVE-2024-39544 MEDIUM
Junos OS Evolved Sensitive Information Exposure via NETCONF Traceoptions Files
CVSS 5.0