CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2023-33240 HIGH
Foxit PDF Reader/E <12.1.2 - Privilege Escalation
CVSS 7.8
CVE-2023-30281 MEDIUM
Store Commander scquickaccounting < 3.7.3 - Unauthenticated Sensitive Data Exposure via Export Feature
CVSS 6.5
CVE-2023-32999 MEDIUM
Jenkins AppSpider Plugin <= 1.0.15 - Missing Permission Check for HTTP POST Requests
CVSS 4.3
CVE-2023-32996 MEDIUM
Jenkins SAML Single Sign-On Plugin < 2.0.0 - Unauthenticated Email Spoofing via miniOrange API
CVSS 4.3
CVE-2023-21107 HIGH
Android - Local Privilege Escalation via NotificationAccessDetails Permission Bypass
CVSS 7.8
CVE-2023-21104 MEDIUM
Android 12L-13 - Local Information Disclosure via WindowOrganizer applySyncTransaction
CVSS 5.5
CVE-2023-27382 MEDIUM
Intel NUC P14E Laptop Element < 1.0.0.156 - Authenticated Privilege Escalation via Audio Service
CVSS 6.7
CVE-2023-22440 MEDIUM
Intel(R) SCS Add-on < - Privilege Escalation
CVSS 6.7
CVE-2023-28192 MEDIUM
macOS 11.0-11.7.4 - Unprotected Sensitive Location Data Exposure
CVSS 5.5
CVE-2023-23059 CRITICAL
GeoVision GV-Edge Recording Manager 2.2.3.0 - Incorrect Default Permissions
CVSS 9.8
CVE-2023-22651 CRITICAL
SUSE Rancher 2.6.0-2.7.1 and 2.7.2 - Privilege Escalation via Admission Webhook Misconfiguration
CVSS 9.9
CVE-2023-28724 HIGH
NGINX Management Suite - Privilege Escalation
CVSS 7.1
CVE-2023-1809 HIGH
WordPress Download Manager <6.3.0 - Info Disclosure
CVSS 7.5
CVE-2023-27035 MEDIUM
Obsidian Canvas 1.1.9 - Unauthenticated Sensitive Web API Access via Embedded Website
CVSS 6.5
CVE-2023-29058 MEDIUM
Lenovo ThinkAgile HX Series Firmware - Authenticated Privilege Escalation via XCC CLI
CVSS 6.4
CVE-2023-29057 HIGH
Lenovo ThinkAgile HX Series Firmware - Privilege Escalation via LDAP Local Account Permission Override
CVSS 7.3
CVE-2023-29923 MEDIUM
PowerJob V4.3.1 - Insecure Permissions via List Job Interface
CVSS 5.3
CVE-2023-28966 HIGH
Juniper Networks Junos OS Evolved <20.4R3-S5-EVO, <21.2R3-EVO - Pri...
CVSS 7.8
CVE-2023-27647 HIGH
DUALSPACE Lock Master 2.2.4 - Denial of Service and Information Disclosure via SharedPrefProviderEntryMethod
CVSS 7.1
CVE-2023-26918 CRITICAL
Diasoft File Replication Pro 7.5.0 - Privilege Escalation
CVSS 9.8
CVE-2023-22951 HIGH
TigerGraph Enterprise Free Edition 3.x - Unauthenticated Privilege Escalation via Exposed REST API Token
CVSS 8.8
CVE-2023-25542 HIGH
Dell Trusted Device Agent < 5.3.0 - Unauthenticated Privilege Escalation via Improper Installation Permissions
CVSS 7.0
CVE-2023-25355 HIGH
CoreDial sipXcom <= 21.04 - Privilege Escalation via Service File Overwrite
CVSS 8.8
CVE-2023-25941 HIGH
Dell PowerScale OneFS 9.1.0.0-9.1.0.27 - Privilege Escalation and Denial of Service via Incorrect Default Permissions
CVSS 7.8
CVE-2023-0181 HIGH
NVIDIA GPU Display Driver - Memory Corruption
CVSS 7.1