CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2021-43325 HIGH
Automox Agent 33 - Privilege Escalation
CVSS 7.8
CVE-2021-44833 CRITICAL
Amazon AWS OpenSearch CLI 1.0.0 - Incorrect Default Permissions
CVSS 9.8
CVE-2021-21957 HIGH
Dream Report ODS Remote Connector 20.2.16900.0 - Privilege Escalation via Malicious File
CVSS 7.3
CVE-2021-42711 HIGH
Barracuda Network Access Client < 5.2.2 - Privilege Escalation via Insecure Temporary File Permissions
CVSS 7.8
CVE-2021-31822 HIGH
Octopus Tentacle 3.15.4-6.1.1116 - Local Privilege Escalation via Systemd Service File Permissions
CVSS 7.8
CVE-2021-44140 CRITICAL
Apache JSPWiki < 2.11.0 - Arbitrary File Deletion via Logout Request
CVSS 9.1
CVE-2021-37030 HIGH
Huawei Magic UI - Incorrect Default Permissions
CVSS 7.5
CVE-2021-33071 HIGH
Intel(R) oneAPI Rendering Toolkit <2021.2 - Privilege Escalation
CVSS 7.8
CVE-2021-33062 HIGH
Intel VTune Profiler <2021.3.0 - Privilege Escalation
CVSS 7.8
CVE-2021-0065 HIGH
Intel WiFi Firmware < 22.40 - Authenticated Privilege Escalation via Incorrect Default Permissions
CVSS 7.8
CVE-2021-33092 HIGH
Intel Nuc M15 Laptop Kit Hid Event Filter Driver Pack < 2.2.1.383 - Incorrect Default Permissions
CVSS 7.8
CVE-2021-33090 HIGH
Intel(R) NUC HDMI Firmware Update Tool - Privilege Escalation
CVSS 7.8
CVE-2021-33088 HIGH
Intel Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack < 5.4.1.4449 - Incorrect Default Permissions
CVSS 7.8
CVE-2021-3720 MEDIUM
Lenovo Legion Phone Pro and Phone2 Pro Firmware - Unprotected GPS Data Exposure via Time Weather Widget
CVSS 5.5
CVE-2021-43199 MEDIUM
JetBrains TeamCity <2021.1.2 - Privilege Escalation
CVSS 5.3
CVE-2021-38420 HIGH
Delta Electronics DIALink <1.2.4.0 - Privilege Escalation
CVSS 7.8
CVE-2021-3579 HIGH
Bitdefender <7.2.1.65 - Privilege Escalation
CVSS 7.8
CVE-2021-36990 CRITICAL
Huawei EMUI and Magic UI - Privilege Escalation via Kernel Tampering
CVSS 9.8
CVE-2021-36989 CRITICAL
Huawei EMUI and Magic UI - Kernel Crash and Privilege Escalation via Incorrect Default Permissions
CVSS 9.8
CVE-2021-22475 MEDIUM
Huawei Smartphone - Info Disclosure
CVSS 5.3
CVE-2021-38379 MEDIUM
CFEngine Enterprise <3.18.0 - Info Disclosure
CVSS 5.5
CVE-2021-37363 HIGH
Gestionale Open 11.00.00 - Insecure Permissions Leading to Privilege Escalation via mysqld.exe Replacement
CVSS 7.8
CVE-2021-42011 HIGH
Trend Micro Apex One - Incorrect Default Permissions
CVSS 7.8
CVE-2021-40123 MEDIUM
Cisco Identity Services Engine - Authenticated Arbitrary File Download via Web Interface
CVSS 4.3
CVE-2021-42055 MEDIUM
ASUSTek ZenBook Pro Due 15 UX582 Firmware < 303 - Insecure Permissions
CVSS 6.8
Details
Vulnerabilities 1,512
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits