CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2024-9167 HIGH
Ivanti Velocity License Server < 5.2 - Authenticated Local Privilege Escalation via Insecure Permissions
CVSS 7.8
CVE-2024-8037 MEDIUM
Juju Hook Tool - Privilege Escalation
CVSS 6.5
CVE-2024-46544 MEDIUM
Apache Tomcat Connectors 1.2.9-1.2.49 - Incorrect Default Permissions in mod_jk Shared Memory
CVSS 5.9
CVE-2024-44151 MEDIUM
macOS < 13.7, < 14.7, < 15 - Unprotected User Data Exposure via Path Handling Issue
CVSS 5.5
CVE-2024-44135 MEDIUM
macOS < 14.7 - Unprotected User Data Exposure via App Sandbox Container
CVSS 5.5
CVE-2024-39924 HIGH
Vaultwarden 1.30.3 - Unauthenticated Privilege Escalation via Emergency Access Metadata Manipulation
CVSS 8.8
CVE-2024-46695 MEDIUM
Linux Kernel < 6.6.49 - Incorrect Default Permissions via NFS Security Label Change
CVSS 4.4
CVE-2024-8533 HIGH
Rockwell Automation - Privilege Escalation
CVSS 8.8
CVE-2024-38222 MEDIUM
Microsoft Edge < 128.0.2739.42 - Information Disclosure via Incorrect Default Permissions
CVSS 6.5
CVE-2024-40655 HIGH
Android - Local Privilege Escalation via CallScreeningServiceHelper Permission Bypass
CVSS 7.8
CVE-2024-40654 HIGH
Confused Deputy - Privilege Escalation
CVSS 7.8
CVE-2024-34661 MEDIUM
Samsung Assistant < 9.1.00.7 - Unauthenticated Location Data Exposure via Insufficient Permissions
CVSS 4.3
CVE-2024-34648 MEDIUM
Samsung Android KnoxMiscPolicy - Unprotected Sensitive Data Exposure via Insufficient Permissions
CVSS 5.1
CVE-2024-34018 MEDIUM
Acronis Snap Deploy <4569 - Info Disclosure
CVSS 5.5
CVE-2024-44760 HIGH
Shenzhou News Union Enterprise Management System <18.8 - Incorrect Access Control
CVSS 7.5
CVE-2024-43791 HIGH
request_store 1.3.2 - Arbitrary Code Execution via World-Writable Files
CVSS 7.8
CVE-2024-4763 HIGH
Lenovo LDCC/LADM - Privilege Escalation
CVSS 7.8
CVE-2024-2175 HIGH
Lenovo LDCC/LADM - Privilege Escalation
CVSS 7.8
CVE-2024-42681 HIGH
xxl-job <= 2.4.1 Sub-Task ID - Insecure Permissions Code Execution
CVSS 8.8
CVE-2024-27461 MEDIUM
Intel Memory and Storage Tool GUI < 2.5.0 - Authenticated Denial of Service via Incorrect Default Permissions
CVSS 5.6
CVE-2024-26025 MEDIUM
Intel Advisor < 2024.1 - Authenticated Privilege Escalation via Incorrect Default Permissions
CVSS 6.7
CVE-2024-23974 MEDIUM
Intel(R) ISH - Privilege Escalation
CVSS 6.7
CVE-2024-23495 MEDIUM
Intel Distribution for GDB < 2024.0.1 - Authenticated Privilege Escalation via Incorrect Default Permissions
CVSS 6.7
CVE-2024-22378 MEDIUM
Intel Unite(R) Client Extended Display Plugin <1.1.352.157 - Privil...
CVSS 6.7
CVE-2024-6640 MEDIUM
FreeBSD 14.1-RELEASE < p3, 14.0-RELEASE < p9, 13.3-RELEASE < p5 - ICMPv6 Firewall Bypass
CVSS 6.3
Details
Vulnerabilities 1,510
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits