CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2019-9579 HIGH
Illumos <5.1.2 - Privilege Escalation
CVSS 8.1
CVE-2019-20468 CRITICAL
TK-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656 - Unnecessary Dangerous Permissions
CVSS 9.8
CVE-2019-8777 LOW
macOS < 10.14.4 - Unprotected Contact Data Exposure via Lock Screen
CVSS 2.4
CVE-2019-14718 MEDIUM
Verifone MX900 Firmware 30251000 - Insecure Permissions and Privilege Escalation via svc_netcontrol
CVSS 6.7
CVE-2019-10679 HIGH
Thomson Reuters Eikon 4.0.42144 - Incorrect Default Permissions in Service Executable
CVSS 7.8
CVE-2019-20889 MEDIUM
Mattermost Server < 4.10.5, 5.5.2, 5.6.3, 5.7 - Incorrect Default Permissions for User-Access Token Creation
CVSS 5.3
CVE-2019-20882 MEDIUM
Mattermost Server < 5.8.0 - Incorrect Default Permissions in Open Team Join Request
CVSS 5.3
CVE-2019-9943 HIGH
OMERO.server <5.7.0 - Privilege Escalation
CVSS 7.5
CVE-2019-9682 HIGH
Dahua Firmware < 2019-12 - Unauthenticated Weak Security Login Mode
CVSS 8.1
CVE-2019-15793 MEDIUM
Linux kernel <5.3 - Privilege Escalation
CVSS 6.5
CVE-2019-14326 HIGH
AndyOS Andy <46.11.113 - Privilege Escalation
CVSS 7.8
CVE-2019-3944 HIGH
Parrot ANAFI Firmware < 1.5.0 - Unauthenticated Wi-Fi Deauthentication Attack
CVSS 7.5
CVE-2019-20536 CRITICAL
Samsung Android N(7.1) O(8.x) P(9.0) - Incorrect Default Permissions in Firewall PermissionWhiteLists
CVSS 9.8
CVE-2019-16061 HIGH
NETSAS Enigma NMS <65.0.0 - Info Disclosure
CVSS 8.8
CVE-2019-19792 MEDIUM
ESET Cyber Security < 6.8.300.0 - Privilege Escalation via Root-Owned File Append
CVSS 6.7
CVE-2019-2200 HIGH
Android 10 - Local Privilege Escalation via Permission Bypass
CVSS 7.3
CVE-2019-14002 HIGH
Snapdragon Auto-SDM8953 - Unauthorized Access
CVSS 7.8
CVE-2019-20106 MEDIUM
Atlassian Jira < 7.13.12, 8.0.0-8.5.4, 8.6.0-8.6.1 - Broken Access Control in Comment Permissions
CVSS 4.3
CVE-2019-17103 MEDIUM
Bitdefender Antivirus < 8.0.0 - Incorrect Default Permissions in BDLDaemon
CVSS 4.9
CVE-2019-18900 MEDIUM
SUSE CaaS Platform <3.0, SUSE Linux Enterprise Server <12, SUSE Lin...
CVSS 4.0
CVE-2019-3687 MEDIUM
SUSE Linux Enterprise Server - Incorrect Default Permissions for dumpcap in Easy Permission Profile
CVSS 4.0
CVE-2019-19896 CRITICAL
IXP EasyInstall 6.2.13723 - Remote Code Execution via Weak Engine Service Share Permissions
CVSS 9.9
CVE-2019-19392 CRITICAL
forDNN.UsersExportImport <1.2.0 - Privilege Escalation
CVSS 9.8
CVE-2019-14601 HIGH
Intel(R) RWC 3 - Privilege Escalation
CVSS 7.8
CVE-2019-19475 HIGH
ManageEngine Applications Manager 14- Build 14360 - Privilege Escal...
CVSS 8.8
Details
Vulnerabilities 1,512
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits