CWE-276

Exploit likelihood: Medium

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2021-42098 HIGH
Devolutions Remote Desktop Manager < 2021.2.16 - Permission Bypass via Batch Custom PowerShell
CVSS 8.8
CVE-2021-29005 HIGH
rConfig 3.9.6 - Incorrect Default Permissions via chmod Command
CVSS 8.8
CVE-2021-39886 LOW
GitLab 10.6.0-14.1.7 - Unauthenticated Confidential Epic Reference Exposure via Issue Move
CVSS 2.6
CVE-2021-33923 MEDIUM
Confluent cp-ansible 5.5.0-5.5.2, 6.0.0 - Incorrect Default Permissions
CVSS 5.5
CVE-2021-36365 CRITICAL
Nagios XI <5.8.5 - Privilege Escalation
CVSS 9.8
CVE-2021-36363 CRITICAL
Nagios XI <5.8.5 - Privilege Escalation
CVSS 9.8
CVE-2021-20037 HIGH
SonicWall Global VPN Client < 4.10.5 - Privilege Escalation via Incorrect Default File Permissions
CVSS 7.8
CVE-2021-1832 MEDIUM
iPadOS < 14.5 - Unprotected File Permission Exposure via Copied Files
CVSS 5.5
CVE-2021-1831 MEDIUM
iPadOS < 14.5 - Unprotected User Data Exposure via Shortcuts
CVSS 5.5
CVE-2021-30750 MEDIUM
macOS Big Sur <11.3 - Info Disclosure
CVSS 5.5
CVE-2021-31007 MEDIUM
iPadOS < 15.1 - Privacy Preferences Bypass via Permissions Issue
CVSS 5.5
CVE-2021-31006 MEDIUM
watchOS <7.6, tvOS <14.7, macOS Big Sur <11.5 - Privilege Escalation
CVSS 5.5
CVE-2021-31000 LOW
iPadOS < 15.2 - Unauthorized Sensitive Contact Information Access
CVSS 3.3
CVE-2021-30999 MEDIUM
iPadOS < 14.6 - Unprotected User Data Exposure via Browsing History Deletion
CVSS 4.3
CVE-2021-39274 CRITICAL
XeroSecurity Sn1per 9.0 - Incorrect Default Permissions
CVSS 9.8
CVE-2021-39273 HIGH
XeroSecurity Sn1per 9.0 - Unauthenticated Arbitrary Code Execution via Insecure Default Permissions
CVSS 8.8
CVE-2021-37351 MEDIUM
Nagios XI < 5.8.5 - Unauthenticated Access to Guarded Pages via Crafted HTTP Request
CVSS 5.3
CVE-2021-35312 HIGH
CIR 2000 / Gestionale Amica Prodigy v1.7 - Privilege Escalation
CVSS 7.8
CVE-2021-36795 HIGH
Cohesity Linux Agent < 6.5.1d - Incorrect Default Permissions
CVSS 7.8
CVE-2021-22295 MEDIUM
HarmonyOS - Permission Bypass via OsVmPageFaultHandler
CVSS 5.5
CVE-2021-32464 HIGH
Trend Micro Apex One - Privilege Escalation via Script Modification
CVSS 7.8
CVE-2021-33334 MEDIUM
Liferay Portal/DXP <7.3.2/7.0 - Info Disclosure
CVSS 4.3
CVE-2021-33333 MEDIUM
Liferay Portal <7.3.2 & DXP <7.0-7.2 - Privilege Escalation
CVSS 6.3
CVE-2021-33327 MEDIUM
Liferay Portal <7.3.4 - Privilege Escalation
CVSS 4.3
CVE-2021-33324 MEDIUM
Liferay Portal/DXP - Privilege Escalation
CVSS 4.3