CWE-276

Exploit likelihood: Medium

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2022-23453 HIGH
HP Support Assistant < 9.11 - Privilege Escalation and Unauthorized File Modification
CVSS 7.8
CVE-2022-45099 HIGH
Dell PowerScale OneFS - Weak Encoding
CVSS 7.8
CVE-2022-48199 HIGH
SoftPerfect NetWorx 7.1.1 - Privilege Escalation via Notifications Function
CVSS 8.8
CVE-2022-47040 HIGH
ASKEY RTF3505VW-N1 Firmware - Privilege Escalation via tcpdump
CVSS 7.8
CVE-2022-3432 MEDIUM
Lenovo IdeaPad Y700-14ISK Firmware - Secure Boot Setting Modification via NVRAM Variable
CVSS 6.7
CVE-2022-20456 HIGH
Android - Local Privilege Escalation via AutomaticZenRule Resource Exhaustion
CVSS 7.8
CVE-2022-3430 MEDIUM
Lenovo D330-10IGL Firmware - Secure Boot Setting Modification via WMI Setup Driver
CVSS 6.7
CVE-2022-1109 MEDIUM
Lenovo Leyun < 6.8.21.99 - Denial of Service via Incorrect Default Permissions
CVSS 5.5
CVE-2022-45924 HIGH
OpenText Extended ECM 20.4-22.3 - Authenticated Arbitrary File Deletion via itemtemplate.createtemplate2 Endpoint
CVSS 8.1
CVE-2022-46761 HIGH
Huawei EMUI and HarmonyOS < 2.0 - Unauthenticated App Icon Manipulation
CVSS 7.5
CVE-2022-3155 HIGH
Thunderbird < 102.3 - Unprotected Application Execution via Missing macOS Quarantine Attribute
CVSS 7.8
CVE-2022-29909 HIGH
Firefox < 100.0 and Firefox ESR < 91.9 - Incorrect Default Permissions via Cross-Origin Browsing Context
CVSS 8.8
CVE-2022-47551 MEDIUM
apiman 1.5.7-2.2.3.Final - Unauthenticated Permission Bypass via Manager REST API
CVSS 6.5
CVE-2022-20611 HIGH
Android - Local Privilege Escalation via Carrier Restriction Bypass
CVSS 7.8
CVE-2022-20495 HIGH
Android - Local Privilege Escalation via Accessibility Service Logic Error
CVSS 7.8
CVE-2022-20475 HIGH
Android 11-13 - Local Privilege Escalation via ResetTargetTaskHelper Confused Deputy
CVSS 7.8
CVE-2022-20474 HIGH
Android - Local Privilege Escalation
CVSS 7.8
CVE-2022-42446 MEDIUM
HCL Sametime 12 - Unauthenticated User Directory Access and Chat Creation
CVSS 6.5
CVE-2022-37018 HIGH
HP Z1 G3 Firmware < 01.33 - Privilege Escalation and Code Execution
CVSS 8.4
CVE-2022-1038 HIGH
HP Jumpstart - Incorrect Default Permissions
CVSS 7.8
CVE-2022-45118 MEDIUM
OpenHarmony 3.1-3.1.2 - Unauthenticated Personal Data Exposure via Telephony Public Events
CVSS 6.2
CVE-2022-46382 HIGH
RackN Digital Rebar <4.10.8 - Privilege Escalation
CVSS 8.8
CVE-2022-27773 CRITICAL
Ivanti Endpoint Manager < 2021.1 - Privilege Escalation via Incorrect Default Permissions
CVSS 9.8
CVE-2022-45562 HIGH
Telos Alliance Omnia MPX Node 1.0.0-1.4.9 - Incorrect Default Permissions
CVSS 8.8
CVE-2022-44929 CRITICAL
D-Link DVG-G5402SP GE_1.03 - Unauthenticated Privilege Escalation via VoIP SIB Profile Editing
CVSS 9.8