CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2023-32399 MEDIUM
iPadOS < 16.5 - Unprotected User Data Exposure via Cache Handling
CVSS 5.5
CVE-2023-32351 HIGH
iTunes < 12.12.9 - Privilege Escalation via Logic Issue
CVSS 7.8
CVE-2023-23344 LOW
BigFix WebUI Insights 14 - Authenticated Missing Authorization
CVSS 3.0
CVE-2023-30905 HIGH
HPE SGI UV300 and Integrity MC990 X RMC Firmware < 1.2.7 - Incorrect Default Permissions
CVSS 7.8
CVE-2023-25645 HIGH
ZTE AndroidTV STBs - Unauthenticated Data Deletion via Improper Permission Settings
CVSS 7.7
CVE-2023-21139 HIGH
Android 13 - Unsafe Intent Handling in MediaControlPanel
CVSS 7.8
CVE-2023-21138 HIGH
Android 11-13 - Local Privilege Escalation via CallRedirectionProcessor Input Validation
CVSS 7.8
CVE-2023-21129 HIGH
Android - Local Privilege Escalation via Background Activity Launch Bypass
CVSS 7.8
CVE-2023-21128 HIGH
Android 11-13 - Local Privilege Escalation via AppStandbyController Logic Error
CVSS 7.8
CVE-2023-21126 HIGH
Android 13 - Unauthenticated Local Privilege Escalation via Unsafe Intent in MediaControlPanel
CVSS 7.8
CVE-2023-21121 HIGH
Android 11-12 - Local Privilege Escalation via AppManagementFragment Input Validation
CVSS 7.8
CVE-2023-32221 HIGH
EaseUS Todo Backup 20220111.390 - Privilege Escalation via Incorrect Default Permissions
CVSS 8.8
CVE-2023-31116 CRITICAL
Samsung Exynos Modem - Info Disclosure
CVSS 9.8
CVE-2023-33282 CRITICAL
Marval MSM <= 14.19.0.12476 and 15.0 - Unauthenticated Default Credentials Exposure
CVSS 9.8
CVE-2023-33966 HIGH
Deno 1.34.0 - Improper Privilege Management in Node HTTP/HTTPS Modules
CVSS 8.6
CVE-2023-2749 HIGH
ASUSTOR Download Center < 1.1.5.r1298 - Unauthenticated Path Traversal and Arbitrary File Read
CVSS 8.6
CVE-2023-29733 HIGH
Lock Master 2.2.4 - Unauthorized SharedPreference Modification
CVSS 7.8
CVE-2023-29732 CRITICAL
SoLive 1.6.14-1.6.20 - Unauthenticated SharedPreference Data Manipulation via Exposed Component
CVSS 9.8
CVE-2023-29731 HIGH
SoLive 1.6.14-1.6.20 - Denial of Service via SharedPreference Injection
CVSS 7.5
CVE-2023-28079 HIGH
Dell PowerPath 7.0-7.2 - Privilege Escalation via Insecure File and Folder Permissions
CVSS 7.0
CVE-2023-32698 HIGH
goreleaser nfpm < 2.29.0 - Incorrect Default Permissions
CVSS 7.1
CVE-2023-33291 HIGH
ebankIT 6 - Unauthenticated Arbitrary OTP Generation via Public Token Endpoints
CVSS 7.4
CVE-2023-29919 CRITICAL
SolarView Compact <= 6.0 - Unauthenticated Arbitrary File Read and Write via texteditor.php
CVSS 9.1
CVE-2023-29838 HIGH
Allwaysync - Incorrect Default Permissions
CVSS 7.8
CVE-2023-1693 HIGH
Settings Module - Privilege Escalation
CVSS 7.5