CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2022-22424 MEDIUM
IBM QRadar SIEM <7.5 - Info Disclosure
CVSS 5.5
CVE-2022-34737 CRITICAL
Huawei EMUI - Incorrect Default Permissions
CVSS 9.1
CVE-2022-30758 MEDIUM
Finder <SMR Jul-2022 Release 1 - Info Disclosure
CVSS 4.0
CVE-2022-30753 LOW
SecSoterService <SMR Jul-2022 Release 1 - Info Disclosure
CVSS 3.3
CVE-2022-2366 MEDIUM
Mattermost Server <= 6.7.0 - Incorrect Default Permissions via Trusted IP Header
CVSS 5.6
CVE-2022-32207 CRITICAL
curl 7.69.0-7.83.1 - Unauthenticated File Permission Overwrite via Atomic Rename
CVSS 9.8
CVE-2022-33996 HIGH
Dovolations Server <2022.2 - Privilege Escalation
CVSS 8.8
CVE-2022-2270 LOW
GitLab 12.4-14.10.4, 15.0-15.0.3, 15.1 - Incorrect Default Permissions
CVSS 3.5
CVE-2022-33023 HIGH
CVA6 <909d85a - Privilege Escalation
CVSS 7.5
CVE-2022-1833 HIGH
AMQ Broker Operator 7.9.4 - Incorrect Default Permissions via Service Account
CVSS 8.8
CVE-2022-33912 HIGH
Checkmk Debian - Privilege Escalation
CVSS 7.8
CVE-2022-31072 LOW
octokit 4.23.0-4.24.0 - Incorrect Default Permissions
CVSS 2.5
CVE-2022-31071 LOW
Octopoller <0.2.0 - Info Disclosure
CVSS 2.5
CVE-2022-32562 HIGH
Couchbase Server 7.0.0-7.0.3 - Incorrect Default Permissions
CVSS 8.8
CVE-2022-25804 MEDIUM
IGEL Universal Management Suite 6.07.100 - Unauthenticated Sensitive Data Exposure via Insecure Registry Permissions
CVSS 5.5
CVE-2022-30747 MEDIUM
Smart Things <1.7.85.25 - Local File Access
CVSS 5.5
CVE-2022-31500 HIGH
KNIME Analytics Platform <4.6.0 - Privilege Escalation
CVSS 7.8
CVE-2022-29483 HIGH
ABB e-Design < 1.12.2.0004 - Incorrect Default Permissions
CVSS 7.8
CVE-2022-28702 MEDIUM
ABB e-Design - Privilege Escalation
CVSS 6.1
CVE-2022-29376 HIGH
Xampp for Windows <8.1.4 - Code Injection
CVSS 8.8
CVE-2022-28999 HIGH
Dev-C++ v4.9.9.2 - Arbitrary Code Execution via Insecure Install Permissions
CVSS 8.8
CVE-2022-28932 CRITICAL
D-Link DSL-G2452DG - Info Disclosure
CVSS 9.8
CVE-2022-29178 HIGH
Cilium <1.9.16, <1.10.11, <1.11.15 - Privilege Escalation
CVSS 8.8
CVE-2022-29162 MEDIUM
runc < 1.1.2 - Incorrect Default Permissions via Inheritable Capabilities
CVSS 5.9
CVE-2022-0997 LOW
Fidelis Network and Deception < 9.4.5 - Arbitrary Command Execution via Script File Modification
CVSS 3.9