CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2020-3485 MEDIUM
Cisco Vision Dynamic Signage Director - Privilege Escalation
CVSS 6.3
CVE-2020-3484 MEDIUM
Cisco Vision Dynamic Signage Director - Info Disclosure
CVSS 5.3
CVE-2020-3152 MEDIUM
Cisco Connected Mobile Experiences - Authenticated Privilege Escalation via CLI Command Injection
CVSS 6.7
CVE-2020-7824 MEDIUM
iPECS 1.0.0-1.0.34 - Authenticated Privilege Escalation via Session Cookie Manipulation
CVSS 6.5
CVE-2020-1571 HIGH
Windows 10 - Elevation of Privilege via Incorrect Default Permissions in Setup
CVSS 7.3
CVE-2020-15145 MEDIUM
Composer-Setup for Windows <6.0.0 - Privilege Escalation
CVSS 6.7
CVE-2020-8763 HIGH
Intel(R) RealSense(TM) D400 Series UWP - Privilege Escalation
CVSS 7.8
CVE-2020-8743 HIGH
Intel(R) Mailbox Interface - Privilege Escalation
CVSS 7.8
CVE-2020-12287 HIGH
Intel Distribution of OpenVINO Toolkit < 2020.2 - Authenticated Privilege Escalation via Incorrect Default Permissions
CVSS 7.8
CVE-2020-15821 MEDIUM
JetBrains YouTrack < 2020.2.6881 - Unauthenticated Article Draft Creation
CVSS 6.5
CVE-2020-8026 HIGH
openSUSE Leap 15.2, Tumbleweed, Leap 15.1 - Privilege Escalation
CVSS 8.4
CVE-2020-8219 HIGH
Pulse Connect Secure <9.1R8 - Privilege Escalation
CVSS 7.2
CVE-2020-2077 HIGH
SICK Package Analytics <= 04.0.0 - Unauthenticated Sensitive Data Exposure via REST API
CVSS 7.5
CVE-2020-10606 HIGH
OSIsoft PI System - Info Disclosure
CVSS 7.8
CVE-2020-6527 MEDIUM
Google Chrome < 84.0.4147.89 - Content Security Policy Bypass via Crafted HTML Page
CVSS 4.3
CVE-2020-15852 HIGH
Linux Kernel 5.5-5.7.9 - Incorrect Default Permissions via TSS I/O Bitmap Mishandling
CVSS 7.8
CVE-2020-0122 MEDIUM
Android - Local Privilege Escalation via Incorrect Default Permissions
CVSS 6.7
CVE-2020-6165 MEDIUM
SilverStripe 4.5.0 - Info Disclosure
CVSS 5.3
CVE-2020-11955 HIGH
Rittal CMCIII-PU-9333E0FB < 3.15.70 and PDU-3C002DEC < 5.15.70 - Insecure Default Permissions
CVSS 8.8
CVE-2020-12415 MEDIUM
Firefox < 78.0 - Incorrect Default Permissions via Manifest URL Handling
CVSS 6.5
CVE-2020-12424 MEDIUM
Firefox < 78.0 - Permission Prompt Bypass via WebRTC URI
CVSS 6.5
CVE-2020-5974 HIGH
NVIDIA JetPack SDK <4.3 - Privilege Escalation
CVSS 7.8
CVE-2020-15578 MEDIUM
Google Android - Incorrect Default Permissions
CVSS 5.5
CVE-2020-5906 HIGH
BIG-IP <13.1.3.3, 12.1.5.2, 11.6.5.2 - Privilege Escalation
CVSS 8.1
CVE-2020-8022 HIGH
tomcat - Incorrect Default Permissions
CVSS 7.7
Details
Vulnerabilities 1,512
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits