CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2022-42718 HIGH
NI LabVIEW Command Line Interface < 22.3.1 - Authenticated Privilege Escalation via Installation Folder Permissions
CVSS 7.8
CVE-2022-4020 HIGH
Acer Notebook - Privilege Escalation
CVSS 8.1
CVE-2022-41943 CRITICAL
sourcegraph < 4.1.0 - Authenticated Remote Code Execution via Experimental customGitFetch Feature
CVSS 9.0
CVE-2022-42130 MEDIUM
Liferay DXP 7.1.0-7.4.3.4 - Authenticated Incorrect Default Permissions in Dynamic Data Mapping
CVSS 4.3
CVE-2022-42128 MEDIUM
Liferay Portal 7.4.1-7.4.3.4 and Liferay DXP 7.4 GA - Incorrect Default Permissions in Hypermedia REST APIs
CVSS 5.3
CVE-2022-42127 MEDIUM
Liferay Portal 7.4.3.5-7.4.3.36 and DXP 7.4 update 1-36 - Unauthenticated Information Disclosure via Friendly URL Module
CVSS 5.3
CVE-2022-36377 MEDIUM
Intel(R) Wireless Adapter Driver <22.190.0.3 - Privilege Escalation
CVSS 6.7
CVE-2022-36367 MEDIUM
Intel(R) Support <v22.02.28 - Info Disclosure
CVSS 4.4
CVE-2022-44561 HIGH
Huawei EMUI and HarmonyOS - Unauthorized Widget and Shortcut Addition via Preset Launcher Module
CVSS 7.5
CVE-2022-44557 HIGH
HarmonyOS - Incorrect Default Permissions in SmartTrimProcessEvent
CVSS 7.5
CVE-2022-44554 HIGH
HarmonyOS - Incorrect Default Permissions in Power Module
CVSS 7.5
CVE-2022-44548 MEDIUM
HarmonyOS and EMUI - Incorrect Default Permissions in Bluetooth Pairing Process
CVSS 4.3
CVE-2022-34824 CRITICAL
EXPRESSCLUSTER X < 5.0 - Unauthenticated Arbitrary File Write via Weak File Permissions
CVSS 9.8
CVE-2022-20465 MEDIUM
Android - Lockscreen Bypass via KeyguardHostViewController Logic Error
CVSS 4.6
CVE-2022-20452 HIGH
Android <13 - Local Privilege Escalation
CVSS 7.8
CVE-2022-20448 MEDIUM
Android - Local Privilege Escalation via NotificationManagerService Permissions Bypass
CVSS 5.5
CVE-2022-20441 HIGH
Android - Local Privilege Escalation via Unexported Intent Handler Launch
CVSS 7.8
CVE-2022-43574 HIGH
IBM Robotic Process Automation <21.0.6 - Privilege Escalation
CVSS 7.5
CVE-2022-33182 HIGH
Brocade Fabric OS <9.1.0 - Privilege Escalation
CVSS 7.8
CVE-2022-36439 MEDIUM
ASUS System Control Interface <3.1.5.0 - Local Privilege Escalation
CVSS 6.0
CVE-2022-36438 HIGH
AsusSwitch.exe <1.0.10.0 - Privilege Escalation
CVSS 7.8
CVE-2022-3368 HIGH
Avira Security <1.1.72.30556 - Privilege Escalation
CVSS 7.3
CVE-2022-42464 MEDIUM
OpenHarmony < 3.0.6 - Kernel Memory Pool Override via /dev/mmz_userdev Driver
CVSS 6.7
CVE-2022-36803 HIGH
Atlassian Jira Align < 10.109.2 - Authenticated Privilege Escalation via MasterUserEdit API
CVSS 8.8
CVE-2022-40187 HIGH
Foresight GC3 Launch Monitor < 1.5.0.2 - Unauthenticated Remote Code Execution via TCF Service
CVSS 8.0
Details
Vulnerabilities 1,512
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits