CWE-276
Medium likelihood
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
1,512 vulnerabilities with CWE-276
CVE-2023-27593
MEDIUM
Cilium < 1.11.15, 1.12.8, 1.13.1 - Unauthenticated Arbitrary File Write via CNI Binary Replacement
CVSS 4.4
CVE-2023-1229
MEDIUM
Google Chrome < 111.0.5563.64 - Permission Prompt Bypass via Crafted HTML Page
CVSS 4.3
CVE-2023-25540
MEDIUM
Dell PowerScale OneFS 9.4.0.0-9.4.0.10 - Denial of Service via Arbitrary File Overwrite
CVSS 6.0
CVE-2023-23850
MEDIUM
Synopsys Jenkins Coverity Plugin <3.0.2 - Info Disclosure
CVSS 4.3
CVE-2023-23848
MEDIUM
Synopsys Jenkins Coverity Plugin <3.0.2 - Privilege Escalation
CVSS 4.3
CVE-2023-22931
MEDIUM
Splunk Enterprise < 8.1.13 and 8.2.10 - Improper Authorization in RSS Feed Creation
CVSS 4.3
CVE-2023-21433
HIGH
Samsung Galaxy Store < 4.5.49.8 - Improper Access Control
CVSS 7.8
CVE-2023-20043
MEDIUM
Cisco CX Cloud Agent - Privilege Escalation
CVSS 6.7
CVE-2023-23566
CRITICAL
Axigen Mail Server 10.3.3.52 - 2-Step Verification Bypass via IMAP/POP3 Account Addition
CVSS 9.8
CVE-2022-41572
CRITICAL
EyesOfNetwork <5.3.11 - Privilege Escalation
CVSS 9.8
CVE-2022-30355
CRITICAL
OvalEdge < 5.2.9 - Authenticated Account Takeover via Profile Update
CVSS 9.8
CVE-2022-25776
HIGH
Mautic 1.0.2-4.4.11 - Authenticated Incorrect Default Permissions
CVSS 8.3
CVE-2022-48685
HIGH
Logpoint SIEM 7.1.0-7.1.1 - Privilege Escalation via Writable Cron File
CVSS 7.7
CVE-2022-4964
MEDIUM
Ubuntu pipewire-pulse - Incorrect Default Permissions
CVSS 5.5
CVE-2022-45793
MEDIUM
Omron Sysmac Studio < 1.54 - Incorrect Default Permissions in Executable Directory
CVSS 5.5
CVE-2022-4575
MEDIUM
Lenovo ThinkPad Firmware - Secure Boot Bypass via UEFI Variable Write Protection
CVSS 6.7
CVE-2022-42150
CRITICAL
TinyLab linux-lab and cloud-lab - Incorrect Default Permissions
CVSS 10.0
CVE-2022-3431
MEDIUM
Lenovo IdeaPad Creator 5-16ACH6 Firmware - Incorrect Default Permissions
CVSS 6.7
CVE-2022-4039
HIGH
Red Hat Single Sign-On - Unauthenticated Incorrect Default Permissions in Management Interface
CVSS 8.0
CVE-2022-3466
MEDIUM
cri-o - Incorrect Default Permissions
CVSS 4.8
CVE-2022-43702
HIGH
ARM Compiler 5.00-5.06 and ARM Compiler for Functional Safety 6.6-6.6.5 - Improper Access Control in Installer Directory
CVSS 7.8
CVE-2022-43701
HIGH
Installation Directory - Code Injection
CVSS 7.8
CVE-2022-33877
HIGH
FortiClient/FortiConverter <7.0.6/6.4.8 - Local Privilege Escalation
CVSS 7.0
CVE-2022-4569
HIGH
ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool - Privil...
CVSS 7.8
CVE-2022-45853
MEDIUM
Zyxel GS1900 Series Firmware V2.70 - Authenticated Privilege Escalation via SSH
CVSS 6.7
Details
Vulnerabilities: 1,512
Exploit Likelihood: Medium