CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2021-34164 HIGH
lizhifaka 2.2.0 - Authenticated Remote Code Execution via Admin Email Password Function
CVSS 8.8
CVE-2021-4297 MEDIUM
Jobe Project Jobe <1.6.4 - Vulnerability in Restapi Controller
CVSS 5.5
CVE-2021-3437 CRITICAL
HP OMEN Gaming Hub < 11.6.3.0 and OMEN Gaming Hub SDK < 1.0.44 - Incorrect Default Permissions
CVSS 9.8
CVE-2021-46834 MEDIUM
Huawei JAD-AL50 <102.0.0 - Privilege Escalation
CVSS 5.5
CVE-2021-3917 MEDIUM
coreos-installer < 0.10.0 - Incorrect Default Permissions in Ignition Config
CVSS 5.5
CVE-2021-3701 MEDIUM
ansible-runner >=2.0.0 <2.1.0 - Incorrect Default Permissions in Temporary Files
CVSS 6.6
CVE-2021-37289 HIGH
Planex MZK-DP150N 1.42 and 1.43 - Unauthenticated Remote Code Execution via syscmd.asp
CVSS 7.2
CVE-2021-44470 MEDIUM
Intel Connect M < 1.7.4 - Authenticated Information Disclosure via Incorrect Default Permissions
CVSS 5.5
CVE-2021-39087 MEDIUM
IBM Sterling B2b Integrator < 6.0.3.6 - Incorrect Default Permissions
CVSS 6.5
CVE-2021-30490 HIGH
ViewPower <1.04-21353 - Privilege Escalation
CVSS 7.8
CVE-2021-41637 HIGH
MELAG FTP Server 2.2.0.4 - Unauthenticated Sensitive Information Exposure via Incorrect Default Permissions
CVSS 7.1
CVE-2021-41635 HIGH
MELAG FTP Server 2.2.0.4 - Incorrect Default Permissions
CVSS 8.8
CVE-2021-46811 MEDIUM
Huawei EMUI - Incorrect Default Permissions in HwSEServiceAPP
CVSS 5.3
CVE-2021-3722 MEDIUM
Lenovo PCManager <4.0.40.2175 - DoS
CVSS 5.0
CVE-2021-43986 MEDIUM
Product Setup - Privilege Escalation
CVSS 6.0
CVE-2021-39794 HIGH
Android - Local Privilege Escalation via Wireless Debugging Missing Permission Check
CVSS 7.8
CVE-2021-39780 HIGH
Android 12L - Local Privilege Escalation via Traceur Missing Permission Check
CVSS 7.8
CVE-2021-39779 MEDIUM
Android 12L - Unauthenticated Local Information Disclosure via Telecom Service getCallStateUsingPackage
CVSS 5.5
CVE-2021-39770 MEDIUM
Android 12L - Local Information Disclosure via Missing Permission Check
CVSS 5.5
CVE-2021-39769 MEDIUM
Android 12L - Local Information Disclosure via Device Policy Missing Permission Check
CVSS 5.5
CVE-2021-39748 MEDIUM
Android 12L - Local Information Disclosure via Unsafe PendingIntent in InputMethodEditor
CVSS 5.5
CVE-2021-39747 MEDIUM
Android 12L - Local Information Disclosure via Settings Provider Permissions Bypass
CVSS 5.5
CVE-2021-1033 HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in ConnectedDevicesSliceProvider
CVSS 7.8
CVE-2021-1000 HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in ConnectedDevicesSliceProvider
CVSS 7.8
CVE-2021-40904 HIGH
CheckMK Raw Edition 1.5.0-1.6.0 - Authenticated Remote Code Execution via Dokuwiki Misconfiguration
CVSS 8.8
Details
Vulnerabilities 1,512
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits