CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2024-34617 MEDIUM
Telephony <SMR Aug-2024 Release 1 - Privilege Escalation
CVSS 4.0
CVE-2024-34616 MEDIUM
KnoxDualDARPolicy <SMR Aug-2024 Release 1 - Info Disclosure
CVSS 5.1
CVE-2024-7525 HIGH
Firefox < 129 and ESR < 115.14 - Improper Access Control via StreamFilter
CVSS 8.1
CVE-2024-43114 HIGH
JetBrains TeamCity <2024.07.1 - Privilege Escalation
CVSS 7.5
CVE-2024-6974 HIGH
Cato Networks SDP Client < 5.10.34 - Local Privilege Escalation via Self-Upgrade
CVSS 8.8
CVE-2024-40805 HIGH
watchOS 10.6-macOS Sonoma 14.6-iOS 17.6-iPadOS 17.6-tvOS 17.6 - Pri...
CVSS 7.1
CVE-2024-27888 MEDIUM
macOS Sonoma <14.4 - Info Disclosure
CVSS 5.5
CVE-2024-42053 HIGH
Splashtop Streamer < 3.6.0.0 - Privilege Escalation via Weak MSI Installer Folder Permissions
CVSS 7.8
CVE-2024-36541 HIGH
logging-operator <4.6.0 - Privilege Escalation
CVSS 8.8
CVE-2024-6122 MEDIUM
NI SystemLink Server < 2024 Q1 - Information Disclosure via Incorrect Directory Permissions
CVSS 5.5
CVE-2024-5321 MEDIUM
Kubernetes Windows Node Container Logs Incorrect Default Permissions
CVSS 6.1
CVE-2024-21123 LOW
Oracle Database Server 19.3-19.23 - Authenticated Unauthorized Data Manipulation via Core Component
CVSS 2.3
CVE-2024-21122 MEDIUM
Oracle PeopleSoft Enterprise HCM Shared Components 9.2 - Unauthorized Data Access via Text Catalog
CVSS 5.4
CVE-2024-6326 MEDIUM
Rockwell Automation FactoryTalk - Info Disclosure
CVSS 5.5
CVE-2024-6325 MEDIUM
Rockwell Automation FactoryTalk <6.40 - Privilege Escalation
CVSS 6.5
CVE-2024-32861 HIGH
Software House C•CURE 9000 - Privilege Escalation
CVSS 7.8
CVE-2024-3779 MEDIUM
ESET Internet Security < 17.2.7.0 - Denial of Service
CVSS 6.1
CVE-2024-6148 HIGH
Citrix Workspace app for HTML5 - Auth Bypass
CVSS 8.8
CVE-2024-31312 MEDIUM
Android - Local Information Disclosure via Missing Permission Check
CVSS 5.5
CVE-2024-22062 MEDIUM
ZXCLOUD IRAI - Privilege Escalation
CVSS 6.3
CVE-2024-3904 HIGH
Mitsubishi MELIPC MI5122-VW Gateway 05-07 - Local Code Execution
CVSS 8.8
CVE-2024-4679 HIGH
Hitachi JP1/Extensible SNMP Agent - File Manipulation
CVSS 7.8
CVE-2024-2819 MEDIUM
Hitachi Ops Center Common Services <11.0.2-00 - Privilege Escalation
CVSS 5.1
CVE-2024-35139 MEDIUM
IBM Security Access Manager 10.0.0.0-10.0.7.1 - Sensitive Information Exposure via Incorrect Default Permissions
CVSS 6.2
CVE-2024-39347 MEDIUM
Synology Router Manager 1.2-1.2.5-8227 - Incorrect Default Permissions in Firewall Functionality
CVSS 5.9
Details
Vulnerabilities 1,510
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits