CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2020-8024 (MEDIUM, CVSS 5.3): openSUSE Leap <15.2, 15.1 & Factory - Privilege Escalation
CVE-2020-15351 (HIGH, CVSS 7.8): IDrive <6.7.3.19 - Privilege Escalation
CVE-2020-10279 (CRITICAL, CVSS 9.8): MiR and ER Robot Firmware < 2.8.1.1 - Race Condition and Privilege Escalation via Insecure Ubuntu Defaults
CVE-2020-8933 (HIGH, CVSS 7.8): Google guest-oslogin 20190304-20200507 - Privilege Escalation via lxd Group Membership
CVE-2020-8907 (HIGH, CVSS 7.8): Google guest-oslogin 20190304-20200507 - Privilege Escalation via Docker Group Membership
CVE-2020-8903 (HIGH, CVSS 7.8): Google guest-oslogin 20190304-20200507 - Privilege Escalation via DHCP XID Manipulation
CVE-2020-3626 (HIGH, CVSS 7.8): Snapdragon Auto- Snapdragon Compute- Snapdragon Consumer IOT- Snapd...
CVE-2020-14019 (HIGH, CVSS 7.8): rtslib-fb < 2.1.72 - Incorrect Default Permissions in saveconfig.json
CVE-2020-10782 (MEDIUM, CVSS 6.5): Ansible Tower 3.7.0 - Sensitive Information Exposure via Rsyslog Configuration File
CVE-2020-14156 (HIGH, CVSS 8.8): OpenBMC < 2020-04-03 - Incorrect Default Permissions in phosphor-host-ipmid
CVE-2020-0215 (HIGH, CVSS 7.8): Android - Bluetooth MAC Address Exposure via ConfirmConnectActivity Permissions Bypass
CVE-2020-0209 (HIGH, CVSS 7.8): Android - Local Privilege Escalation via AccountManager Permissions Bypass
CVE-2020-0208 (HIGH, CVSS 7.8): Android - Local Privilege Escalation via AccountManager Permissions Bypass
CVE-2020-0133 (HIGH, CVSS 7.3): Android 10 - Local Privilege Escalation via MockLocationAppPreferenceController Permissions Bypass
CVE-2020-9817 (HIGH, CVSS 7.8): macOS < 10.13.6 - Unauthenticated Privilege Escalation via Permission Validation Issue
CVE-2020-13885 (HIGH, CVSS 7.8): Citrix Workspace App < 2006.1 - Incorrect Default Permissions
CVE-2020-13884 (HIGH, CVSS 7.8): Citrix Workspace App < 2006.1 - Privilege Escalation via Unquoted Path
CVE-2020-8954 (MEDIUM, CVSS 5.4): Openbrowser - Incorrect Default Permissions
CVE-2020-12695 (HIGH, CVSS 7.5): Open Connectivity Foundation UPnP <2020-04-17 - SSRF
CVE-2020-13894 (HIGH, CVSS 7.5): dext5 < 3.5.1402961 - Arbitrary File Download via savefilepath Parameter
CVE-2020-13867 (MEDIUM, CVSS 5.5): targetcli-fb < 2.1.52 - Incorrect Default Permissions for /etc/target
CVE-2020-6504 (MEDIUM, CVSS 4.3): Google Chrome < 74.0.3729.108 - Notification Restriction Bypass via Crafted HTML Page
CVE-2020-6502 (MEDIUM, CVSS 6.5): Google Chrome < 80.0.3987.87 - Security UI Spoofing via Crafted HTML Page
CVE-2020-6501 (MEDIUM, CVSS 6.5): Chrome < 80.0.3987.87 - Content Security Policy Bypass via Crafted HTML Page
CVE-2020-6498 (MEDIUM, CVSS 6.5): Google Chrome on iOS < 83.0.4103.88 - Domain Spoofing via Crafted HTML Page