CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2024-23301 MEDIUM
Relax-and-Recover < 2.7 - Incorrect Default Permissions in initrd
CVSS 5.5
CVE-2023-31359 HIGH
AMD Manageability API - Privilege Escalation
CVSS 7.3
CVE-2023-31358 HIGH
AMD Manageability API - Privilege Escalation
CVSS 7.3
CVE-2023-31360 HIGH
AMD AIM-T >=4.0.0.722 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.3
CVE-2023-40132 HIGH
Android - Local Privilege Escalation via RingtoneManager Permission Bypass
CVSS 7.8
CVE-2023-1907 HIGH
pgadmin < 7.0 - Unauthenticated Session Hijacking via LDAP Authentication
CVSS 8.0
CVE-2023-52954 MEDIUM
Huawei EMUI and HarmonyOS - Denial of Service via Gallery Module Permission Control
CVSS 4.4
CVE-2023-21270 HIGH
Android - Local Privilege Escalation via Incorrect Permission Flags
CVSS 7.8
CVE-2023-27195 CRITICAL
Trimble TM4Web 22.2.0 - Info Disclosure
CVSS 9.8
CVE-2023-42133 MEDIUM
PAX Android based POS devices - Privilege Escalation
CVSS 6.7
CVE-2023-45896 HIGH
Linux kernel <6.8.0 - Info Disclosure
CVSS 7.1
CVE-2023-43747 MEDIUM
Intel(R) Connectivity Performance Suite <2.0 - Privilege Escalation
CVSS 6.7
CVE-2023-31349 HIGH
AMD Prof < 4.1.424, < 4.2.816, < 4.2.845 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.3
CVE-2023-38370 HIGH
IBM Security Access Manager Docker <10.0.8 - Privilege Escalation
CVSS 7.5
CVE-2023-43629 HIGH
Intel(R) GPA <2023.3 - Privilege Escalation
CVSS 7.8
CVE-2023-42668 MEDIUM
Intel(R) Server Boards <1.14 - Privilege Escalation
CVSS 6.7
CVE-2023-42433 MEDIUM
Endurance Gaming Mode <1.3.937.0 - Privilege Escalation
CVSS 6.7
CVE-2023-24460 HIGH
Intel(R) GPA <2023.3 - Privilege Escalation
CVSS 8.2
CVE-2023-46870 HIGH
Nordic Semiconductor nRF Sniffer for Bluetooth LE <4.1.1 - RCE
CVSS 7.3
CVE-2023-46270 LOW
MacPaw The Unarchiver <4.3.6 - Info Disclosure
CVSS 3.3
CVE-2023-23976 HIGH
RegistrationMagic <5.1.9.2 - Info Disclosure
CVSS 7.5
CVE-2023-38295 HIGH
TCL 30Z and 10L Android Devices - Unauthenticated Arbitrary File Read/Write via Missing Permission
CVSS 7.8
CVE-2023-38294 MEDIUM
Itel Vision 3 Turbo - Unauthenticated Arbitrary Command Execution via com.transsion.autotest.factory Broadcast Intent
CVSS 6.1
CVE-2023-38291 HIGH
TCL/Motorola devices - Info Disclosure
CVSS 7.1
CVE-2023-52545 HIGH
Huawei EMUI and HarmonyOS - Incorrect Default Permissions in Calendar App
CVSS 7.5
Details
Vulnerabilities 1,510
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits