CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2021-0486 HIGH
Android 10-11 - Local Privilege Escalation via Permission Bypass in PermissionManagerService
CVSS 7.8
CVE-2021-0441 HIGH
Android 11 - Local Privilege Escalation via Confusing Permission UI
CVSS 7.3
CVE-2021-31217 CRITICAL
SolarWinds DameWare Mini Remote Control Server 12.0.1.200 - Unauthenticated File Deletion via Insecure Permissions
CVSS 9.1
CVE-2021-32725 LOW
Nextcloud Server <19.0.13, <20.011, <21.0.3 - Info Disclosure
CVSS 3.5
CVE-2021-33214 MEDIUM
HMS Ewon eCatcher <6.6.4 - Info Disclosure
CVSS 6.1
CVE-2021-26274 HIGH
NinjaRMM 5.0.909 - Insecure Permissions
CVSS 7.1
CVE-2021-22346 MEDIUM
Huawei Smartphone - Info Disclosure
CVSS 5.3
CVE-2021-22368 HIGH
Huawei Smartphone - Privilege Escalation
CVSS 7.5
CVE-2021-22371 HIGH
Huawei Smartphone - Info Disclosure
CVSS 7.5
CVE-2021-20490 MEDIUM
IBM Spectrum Protect Plus <10.1.8 - DoS
CVSS 5.5
CVE-2021-21737 HIGH
ZTE ZXV10 B860H V5.0 - Incorrect Default Permissions
CVSS 7.5
CVE-2021-34395 LOW
NVIDIA Jetson Linux < 32.5.1 - Incorrect Default Permissions in Trusty TLK
CVSS 3.9
CVE-2021-34387 MEDIUM
NVIDIA Jetson Linux < 32.5.1 - Incorrect Default Permissions in TrustZone DRAM Mapping
CVSS 6.3
CVE-2021-0143 HIGH
Intel Brand Verification Tool < 11.0.0.1225 - Authenticated Privilege Escalation via Installer Permissions
CVSS 7.8
CVE-2021-31998 MEDIUM
inn < 2.4.2-170.21.3.1 - Incorrect Default Permissions
CVSS 6.8
CVE-2021-21736 HIGH
ZTE ZXHN HS562 Firmware V1.0.0.0B2.0000 V1.0.0.0B3.0000E - Incorrect Default Permissions
CVSS 7.2
CVE-2021-0106 HIGH
Intel Ipmctl < 2.00.00.3842 - Incorrect Default Permissions
CVSS 7.8
CVE-2021-0100 HIGH
Intel SSD Data Center Tool < 2020-12-31 - Authenticated Privilege Escalation via Incorrect Default Permissions
CVSS 7.8
CVE-2021-0058 HIGH
Intel LAPBC510 and LAPBC710 Firmware < 1.1 - Authenticated Privilege Escalation via Incorrect Default Permissions
CVSS 7.8
CVE-2021-27032 HIGH
Autodesk Licensing Services - Privilege Escalation via Weak Service Permissions
CVSS 7.8
CVE-2021-33506 HIGH
Jitsi Meet <2.0.5963-1 - Privilege Escalation
CVSS 7.5
CVE-2021-33038 HIGH
HyperKitty <1.3.4 - Info Disclosure
CVSS 7.5
CVE-2021-29052 MEDIUM
Liferay DXP and Portal 7.3.0-7.3.5 - Authenticated Data Structure Exposure via Data Engine API
CVSS 4.3
CVE-2021-31519 HIGH
Trend Micro HouseCall for Home Networks <= 5.3.1179 - Privilege Escalation via Installer Folder Permissions
CVSS 7.3
CVE-2021-28649 HIGH
Trend Micro HouseCall for Home Networks <= 5.3.1179 - Privilege Escalation via Installer Directory Permissions
CVSS 7.3
Details
Vulnerabilities 1,512
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits