CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2020-24402 MEDIUM
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
CVSS 4.9
CVE-2020-13537 HIGH
Moxa MXView 3.1.8 - Privilege Escalation
CVSS 7.8
CVE-2020-13536 HIGH
Moxa MXView 3.1.8 - Privilege Escalation
CVSS 7.8
CVE-2020-28044 MEDIUM
ProlinOS <= 2.4.161.8859r - Unauthenticated Arbitrary File Manipulation via Management Mode
CVSS 6.8
CVE-2020-28041 MEDIUM
NETGEAR Nighthawk R7000 Firmware 1.0.9.64_10.2.64 - Unauthenticated NAT Slipstreaming via SIP ALG
CVSS 6.5
CVE-2020-27358 MEDIUM
REDCap 8.11.6-9.x - Unauthenticated Information Disclosure via Messenger CSV Export
CVSS 4.3
CVE-2020-27665 HIGH
Strapi < 3.2.5 - Unauthenticated Content-Type Builder Route Access
CVSS 7.5
CVE-2020-17381 HIGH
Ghisler Total Commander <9.51 - Privilege Escalation
CVSS 7.3
CVE-2020-15843 HIGH
ActFax 7.10 Build 0335 - Authenticated Privilege Escalation via Insecure Folder Permissions
CVSS 7.3
CVE-2020-15850 HIGH
Nakivo Backup & Replication Director 9.4.0.r43656 - Privilege Escalation via Insecure Database Permissions
CVSS 7.8
CVE-2020-26088 MEDIUM
Linux Kernel < 5.8.2 - Unauthenticated Raw Socket Creation via Missing CAP_NET_RAW Check
CVSS 5.5
CVE-2020-0294 MEDIUM
Android - Local Privilege Escalation via Unsafe PendingIntent in WallpaperManagerService
CVSS 5.5
CVE-2020-0374 HIGH
Android 11 - Local Privilege Escalation via Unsafe PendingIntent in NFC
CVSS 7.8
CVE-2020-0275 HIGH
Android 11 - Local Privilege Escalation via MediaProvider Permissions Bypass
CVSS 7.8
CVE-2020-0390 MEDIUM
Android 10-11 - Local Information Disclosure via Zygote SE Policy Permissions Bypass
CVSS 5.5
CVE-2020-0388 HIGH
Android - Local Privilege Escalation via Empty Mutable PendingIntent
CVSS 7.8
CVE-2020-8346 MEDIUM
Lenovo System Interface Foundation <1.1.19.5 - DoS
CVSS 5.5
CVE-2020-10050 HIGH
SIMATIC RTLS Locating Manager < 2.10.2 - Local Privilege Escalation via Service Executable Directory
CVSS 7.8
CVE-2020-10049 HIGH
SIMATIC RTLS Locating Manager < 2.10.2 - Local Command Injection via Start-Stop Scripts
CVSS 7.3
CVE-2020-23971 HIGH
gmapfp J3.30pro - Unauthenticated Arbitrary File Upload via Content-Type and Double Extension Bypass
CVSS 7.5
CVE-2020-24584 HIGH
Django <2.2.16, <3.0.10, <3.1.1 - Info Disclosure
CVSS 7.5
CVE-2020-24583 HIGH
Django <2.2.16, 3.0<10, 3.1<1 - Info Disclosure
CVSS 7.5
CVE-2020-7527 HIGH
SoMove < 2.8.1 - Incorrect Default Permissions
CVSS 7.8
CVE-2020-13468 MEDIUM
Gigadevice GD32F130 - Privilege Escalation
CVSS 6.8
CVE-2020-24717 HIGH
OpenZFS < 0.8.4 - Incorrect Default Permissions on FreeBSD
CVSS 7.8