Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-276:Incorrect Default Permissions
Weakness ID:276
Version:v4.17
Weakness Name:Incorrect Default Permissions
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Draft
Likelihood of Exploit:Medium
DetailsContent HistoryObserved CVE ExamplesReports
1454Vulnerabilities found
CVE-2023-46773
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.43%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:31
Updated-02 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-37572
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 00:00
Updated-11 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.

Action-Not Available
Vendor-softingn/a
Product-opcn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40076
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.82%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:40
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-21216
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.27%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:40
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-47462
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.40% / 87.26%
||
7 Day CHG~0.00%
Published-29 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.

Action-Not Available
Vendor-gl-inetn/a
Product-gl-ax1800_firmwaregl-ax1800n/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-42501
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.59%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 10:23
Updated-05 Jun, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Superset: Unnecessary read permissions within the Gamma role

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.

Action-Not Available
Vendor-apache_software_foundationThe Apache Software Foundation
Product-supersetApache Supersetapache_superset
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-6302
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 13.26%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSZCMS File Manager Page templates permission

A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-cskazan/a
Product-cszcmsCSZCMS
CWE ID-CWE-275
Not Available
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-43081
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4||MEDIUM
EPSS-0.04% / 10.32%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 12:50
Updated-01 Oct, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_agent_for_file_systemPowerProtect Agent for File System
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-47250
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack.

Action-Not Available
Vendor-m-privacyn/a
Product-tightgatevncmprivacy-toolsrsbac-policy-tgpron/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-42774
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has a incorrect default permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3116
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-7.3||HIGH
EPSS-0.02% / 5.35%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:44
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has a incorrect default permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40363
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.04% / 10.77%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 17:14
Updated-21 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server privilege escalation

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-48648
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.62%
||
7 Day CHG-0.53%
Published-17 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

Action-Not Available
Vendor-concretecmsn/aconcretecms
Product-concrete_cmsn/aconcrete_cms
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-47335
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.17%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 00:00
Updated-11 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.

Action-Not Available
Vendor-autelroboticsn/a
Product-evo_nano_droneevo_nano_drone_firmwaren/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-41718
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.05%
||
7 Day CHG-0.10%
Published-14 Nov, 2023 | 23:18
Updated-07 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowssecure_access_clientSecure Access
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-35080
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.15%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:18
Updated-07 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowssecure_access_clientSecure Access Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-23583
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.96%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

Action-Not Available
Vendor-n/aDebian GNU/LinuxNetApp, Inc.Intel Corporation
Product-core_i5-1145gre_firmwarexeon_d-2796tecore_i7-11850he_firmwarexeon_d-1627_firmwarecore_i7-11370h_firmwarexeon_d-2738core_i7-11700fxeon_platinum_8362core_i7-1160g7core_i5-1035g7xeon_gold_6338core_i7-10850hxeon_d-2777nxxeon_d-1527xeon_gold_6338t_firmwarexeon_d-2766ntcore_i7-1185grecore_i3-1125g4_firmwarecore_i7-11375hcore_i7-11800h_firmwarecore_i7-10870h_firmwarexeon_silver_4309yxeon_platinum_8352yxeon_platinum_8380h_firmwarecore_i3-1110g4_firmwarexeon_platinum_8360hl_firmwarecore_i5-11600_firmwarexeon_d-1746ter_firmwarexeon_gold_6354_firmwarexeon_d-2163it_firmwarecore_i5-1140g7_firmwarecore_i3-1110g4core_i5-10210uxeon_gold_6326xeon_d-2776ntxeon_d-1527_firmwarexeon_d-1521_firmwarexeon_d-2798ntxeon_d-1733ntxeon_gold_5317_firmwarecore_i5-10200hxeon_d-1557_firmwarexeon_d-2775te_firmwarecore_i9-11900kf_firmwarexeon_d-2766nt_firmwarexeon_silver_4316core_i5-1035g4core_i5-10400hcore_i7-11700xeon_d-1518xeon_gold_5318y_firmwarecore_i7-10510u_firmwarexeon_d-1714core_i3-10100yxeon_d-2799_firmwarexeon_d-2745nx_firmwarexeon_d-2143itxeon_gold_6348_firmwarexeon_d-2163itcore_i7-11370hcore_i5-10310uxeon_gold_5318s_firmwarecore_i9-11900txeon_d-1734nt_firmwarexeon_d-2161i_firmwarexeon_d-2779_firmwarecore_i7-1195g7_firmwarecore_i5-11600tcore_i5-10310y_firmwarexeon_d-1567_firmwarecore_i7-11850hxeon_d-1567core_i9-11900xeon_d-2777nx_firmwarecore_i7-10510yxeon_platinum_8380hcore_i7-1185g7e_firmwarexeon_d-2173it_firmwarecore_i3-10110ucore_i7-11800hxeon_platinum_8376hxeon_d-1746terxeon_gold_6312u_firmwarexeon_gold_6330xeon_platinum_8362_firmwarecore_i5-10310u_firmwarexeon_silver_4310t_firmwarexeon_d-1531_firmwarexeon_gold_6314ucore_i7-10610u_firmwarexeon_d-2123it_firmwarecore_i5-1155g7core_i7-10710u_firmwarexeon_d-1715tercore_i9-11950hcore_i7-11850hecore_i5-11600core_i5-10300hxeon_d-1571xeon_d-1736_firmwarexeon_platinum_8353hcore_i9-10980hkxeon_gold_6348hcore_i3-1005g1_firmwarexeon_gold_6338_firmwarexeon_d-2173itcore_i7-11700txeon_d-2123itxeon_d-1731nte_firmwarecore_i7-10510ucore_i3-10100y_firmwarexeon_d-2177nt_firmwarexeon_d-1627xeon_d-1533n_firmwarecore_i5-11400h_firmwarexeon_d-2796ntxeon_silver_4309y_firmwarecore_i9-11900hxeon_gold_5320hxeon_platinum_8358p_firmwarecore_i5-11600k_firmwarexeon_gold_5320xeon_platinum_8360yxeon_d-2779xeon_gold_6330h_firmwarexeon_d-1602core_i5-11500h_firmwarecore_i3-11100hecore_i9-11900kxeon_d-1712trxeon_d-1539xeon_d-2796te_firmwarefas9500_firmwarexeon_gold_6338txeon_d-1713ntecore_i7-11700k_firmwarexeon_d-2752ter_firmwarexeon_gold_5318sxeon_d-2733nt_firmwarexeon_d-1649n_firmwarexeon_d-2146ntxeon_d-1577_firmwarecore_i5-11500t_firmwarexeon_platinum_8356h_firmwarecore_i7-1160g7_firmwarexeon_d-2145nt_firmwarecore_i7-11600h_firmwarexeon_d-1726_firmwarexeon_d-2187ntxeon_d-1732texeon_d-2712txeon_d-1537_firmwarecore_i7-10750h_firmwarexeon_d-1541_firmwarecore_i3-1115gre_firmwarexeon_platinum_8380hlxeon_gold_5318nxeon_d-2166nt_firmwarecore_i9-10885hxeon_d-2166ntcore_i5-11400txeon_d-2776nt_firmwarexeon_d-1732te_firmwarecore_i7-1180g7_firmwarexeon_platinum_8358pcore_i5-11300hcore_i9-11900kfxeon_d-2712t_firmwarecore_i5-1145g7core_i3-1125g4xeon_gold_6328h_firmwarexeon_d-1623n_firmwarecore_i7-10750hxeon_d-1548_firmwarexeon_d-1713nte_firmwarexeon_gold_6328hl_firmwarexeon_gold_6342_firmwarexeon_gold_5317core_i7-10875hxeon_d-2183itxeon_platinum_8358_firmwarexeon_platinum_8352m_firmwarexeon_d-1622xeon_d-1559_firmwarexeon_gold_6348h_firmwarexeon_platinum_8356hcore_i9-11900k_firmwarecore_i5-10400h_firmwarexeon_d-2145ntcore_i5-1035g7_firmwarexeon_platinum_8360y_firmwarecore_i5-11400t_firmwarecore_i3-1115g4core_i7-11700f_firmwarefas2820_firmwarexeon_d-1529_firmwarexeon_d-1540_firmwarexeon_d-1637_firmwarexeon_gold_5318h_firmwarexeon_d-1733nt_firmwarexeon_d-2733ntxeon_gold_5320tcore_i5-10210ycore_i5-1140g7xeon_gold_6312uxeon_gold_5320h_firmwarexeon_d-2142it_firmwarexeon_d-2143it_firmwarecore_i5-10210u_firmwarexeon_d-1736xeon_d-1735trxeon_d-1513n_firmwarecore_i3-10110yxeon_d-2795nt_firmwarecore_i5-11400fxeon_d-2752ntexeon_d-1523n_firmwarecore_i5-11500_firmwarexeon_d-2753nt_firmwarexeon_gold_5318n_firmwarexeon_platinum_8352y_firmwarexeon_silver_4314core_i5-1145grecore_i7-1180g7core_i5-11600kfcore_i5-10500h_firmwarexeon_platinum_8358core_i7-11700kfxeon_gold_5315ycore_i7-10870hcore_i9-11950h_firmwarexeon_platinum_8352s_firmwarecore_i5-1035g1core_i5-11260h_firmwarexeon_platinum_8354hcore_i9-11900_firmwarecore_i5-11400f_firmwarexeon_silver_4310_firmwarexeon_gold_6338n_firmwarexeon_d-1718tcore_i3-10110y_firmwarecore_i5-1035g4_firmwarecore_i7-1185g7core_i7-1195g7core_i5-11500txeon_gold_6326_firmwarecore_i7-1165g7xeon_platinum_8351n_firmwarexeon_d-1523nxeon_d-2786nte_firmwarecore_i5-11600kcore_i9-11900h_firmwarecore_i7-11390hxeon_d-2786ntexeon_d-1540xeon_platinum_8368xeon_d-1653ncore_i7-11700kxeon_d-1528xeon_d-1637xeon_d-1577core_i7-11700_firmwarecore_i5-1130g7_firmwarexeon_d-1715ter_firmwarexeon_silver_4310txeon_platinum_8380core_i7-10710uxeon_d-2141ixeon_d-1541xeon_gold_6314u_firmwaredebian_linuxcore_i3-11100he_firmwarexeon_d-1543n_firmwarexeon_platinum_8351nxeon_platinum_8376hl_firmwarecore_i5-11500he_firmwarexeon_d-1633n_firmwarexeon_gold_6330n_firmwarecore_i5-1145g7_firmwarexeon_d-1722ne_firmwarexeon_gold_6336yxeon_platinum_8352vxeon_d-1747ntecore_i5-10210y_firmwarexeon_d-2757nx_firmwarexeon_d-1653n_firmwarexeon_d-1734ntcore_i5-11400hxeon_d-1735tr_firmwarexeon_d-1747nte_firmwarexeon_d-1553nxeon_d-1571_firmwarecore_i9-11900t_firmwarexeon_d-1633nxeon_platinum_8360hlcore_i5-11400_firmwarexeon_d-1548core_i9-11900fxeon_d-1649nxeon_d-1529xeon_platinum_8380_firmwarecore_i7-10510y_firmwarexeon_gold_6330_firmwarecore_i7-11600hcore_i7-11390h_firmwarecore_i9-11980hkxeon_d-1518_firmwarexeon_gold_5320_firmwarexeon_d-2738_firmwarecore_i7-1165g7_firmwarexeon_platinum_8380hl_firmwarexeon_platinum_8360h_firmwarexeon_d-2757nxxeon_d-1713ntcore_i3-1115g4e_firmwarexeon_gold_6354xeon_gold_6336y_firmwarexeon_d-1520xeon_d-2752tercore_i5-1130g7xeon_platinum_8354h_firmwarexeon_d-2799xeon_platinum_8352mcore_i3-1120g4xeon_d-2146nt_firmwarexeon_d-2795ntcore_i3-1120g4_firmwarecore_i5-10310yxeon_d-1739_firmwarexeon_gold_6330hxeon_d-1736ntxeon_d-1713nt_firmwarexeon_gold_5318hxeon_d-1520_firmwarecore_i5-10500hxeon_platinum_8376hlxeon_silver_4316_firmwarecore_i7-1185g7_firmwarexeon_d-2798nt_firmwarexeon_d-1623ncore_i7-10810u_firmwarecore_i5-11600kf_firmwarecore_i5-11320hxeon_d-1531core_i7-10810ucore_i7-11700kf_firmwarecore_i3-1115g4_firmwarexeon_d-1533ncore_i7-11375h_firmwarexeon_d-1722nexeon_gold_6346core_i7-10875h_firmwarecore_i3-1115grexeon_d-2142itcore_i5-11500hxeon_d-1718t_firmwarecore_i7-10610ucore_i5-1035g1_firmwarexeon_d-1622_firmwarexeon_gold_6338ncore_i7-1065g7_firmwarecore_i5-1135g7_firmwarexeon_d-2796nt_firmwareaffa900_firmwarexeon_platinum_8360hxeon_gold_5315y_firmwarecore_i5-11260hxeon_d-1749nt_firmwarexeon_d-1702_firmwarexeon_d-2161iaffa900core_i5-10300h_firmwarexeon_d-2141i_firmwarecore_i3-1115g4ecore_i7-11850h_firmwarexeon_gold_6348xeon_gold_6330ncore_i5-11600t_firmwarecore_i5-10200h_firmwarecore_i9-11900f_firmwarecore_i5-11300h_firmwarexeon_platinum_8368_firmwarecore_i9-11980hk_firmwarecore_i7-11700t_firmwarexeon_d-2798nxxeon_platinum_8352v_firmwarecore_i9-10885h_firmwarexeon_d-2745nxcore_i5-1145g7exeon_gold_5320t_firmwarecore_i5-11500hexeon_d-1748tecore_i5-1145g7e_firmwarexeon_silver_4310core_i7-1185gre_firmwarexeon_silver_4314_firmwarexeon_d-1513nxeon_d-1537xeon_gold_6334xeon_d-2187nt_firmwarexeon_d-2752nte_firmwarecore_i5-11500core_i5-1135g7xeon_d-1739fas2820core_i3-10110u_firmwarexeon_d-1543nxeon_d-1528_firmwarexeon_d-1539_firmwarexeon_d-1559xeon_d-1702xeon_d-1521fas9500xeon_gold_6342xeon_d-1748te_firmwarexeon_d-1749ntxeon_platinum_8353h_firmwarexeon_platinum_8376h_firmwarexeon_d-1712tr_firmwarexeon_d-2798nx_firmwarecore_i7-1185g7exeon_platinum_8352sxeon_gold_6346_firmwarexeon_gold_5318ycore_i3-1005g1xeon_gold_6328hxeon_d-2183it_firmwarexeon_d-2753ntxeon_d-1557xeon_d-2775tecore_i5-11400xeon_gold_6334_firmwarexeon_d-1731ntecore_i7-10850h_firmwarecore_i7-1065g7xeon_d-1714_firmwarexeon_d-1736nt_firmwarexeon_d-1602_firmwarexeon_gold_6328hlxeon_d-1726core_i9-10980hk_firmwarexeon_d-2177ntxeon_d-1553n_firmwareIntel(R) Processors
CWE ID-CWE-1281
Sequence of Processor Instructions Leads to Unexpected Behavior
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27305
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) Control software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32638
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-arc_rgb_controllerIntel Arc RGB Controller software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-43902
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 55.04%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 00:00
Updated-08 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.

Action-Not Available
Vendor-emsignern/a
Product-emsignern/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-46743
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 15:32
Updated-04 Sep, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The same file cannot be opened with different rights

application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3.

Action-Not Available
Vendor-XWiki SAS
Product-application-collaboraapplication-collaboraapplication-collabora
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4706
Assigner-Lenovo Group Ltd.
ShareView Details
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.92%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-43984
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.76%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 00:00
Updated-05 Sep, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table.

Action-Not Available
Vendor-advanced_export_products_orders_cron_csv_excel_projectn/a
Product-advanced_export_products_orders_cron_csv_exceln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-41726
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.15%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 18:13
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4091
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.62%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 07:56
Updated-20 Nov, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: smb clients can truncate files with read-only permissions

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectSamba
Product-sambaenterprise_linuxfedoraenterprise_linux_eusstorageRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Storage 3Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-4575
Assigner-Lenovo Group Ltd.
ShareView Details
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:42
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_p70_firmwarethinkpad_p50_firmwarethinkpad_t560thinkpad_p70thinkpad_x1_carbon_4th_gen_firmwarethinkpad_25thinkpad_25_firmwarethinkpad_t470thinkpad_x1_carbon_4th_genthinkpad_x260_firmwarethinkpad_t470s_firmwarethinkpad_p50thinkpad_t470sthinkpad_x270thinkpad_yoga_260_firmwarethinkpad_l560thinkpad_p50sthinkpad_t560_firmwarethinkpad_x270_firmwarethinkpad_x1_yoga_1st_genthinkpad_x1_yoga_1st_gen_firmwarethinkpad_l560_firmwarethinkpad_x260thinkpad_p50s_firmwarethinkpad_yoga_260thinkpad_t470_firmwareThinkPad BIOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-5623
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-7||HIGH
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 16:25
Updated-09 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location

Action-Not Available
Vendor-Tenable, Inc.
Product-nessus_network_monitorNessus Network Monitornessus_network_monitor
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-3112
Assigner-Lenovo Group Ltd.
ShareView Details
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.43%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:31
Updated-12 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-ellipticlabsLenovo Group Limited
Product-virtual_lock_sensorai_virtual_presence_sensorthinkpad_t14_gen_3AI Virtual Presence SensorElliptic Labs Virtual Lock Sensorthinkpad_t14_gen_3
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-45990
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.04% / 77.19%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.

Action-Not Available
Vendor-wenwen-ain/a
Product-wenwenai_cmsn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-35181
Assigner-SolarWinds
ShareView Details
Assigner-SolarWinds
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.01%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 14:24
Updated-13 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manageraccess_rights_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-35183
Assigner-SolarWinds
ShareView Details
Assigner-SolarWinds
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.64%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 14:23
Updated-13 Sep, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manageraccess_rights_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-42150
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

Action-Not Available
Vendor-tinylabn/a
Product-cloud_lablinux_labn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27133
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-16 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.

Action-Not Available
Vendor-tsplusn/a
Product-tsplus_remote_workn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-45690
Assigner-Rapid7, Inc.
ShareView Details
Assigner-Rapid7, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.24% / 46.59%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 16:20
Updated-16 Sep, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information leak via default file permissions on Titan MFT and Titan SFTP servers

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem

Action-Not Available
Vendor-southrivertechSouth River Technologies
Product-titan_ftp_servertitan_mft_serverTitan SFTPTitan MFT
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-44194
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 6.26%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:04
Updated-27 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: An unauthenticated attacker with local access to the device can create a backdoor with root privileges

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-3431
Assigner-Lenovo Group Ltd.
ShareView Details
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.95%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 18:18
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_5_pro-16ihu6_firmwarethinkbook_plus_g3_iap_firmwareyoga_slim_7-13itl05yoga_slim_7_carbon_13itl5thinkbook_16_g4\+_arad330-10iglideapad_5_pro-16ihu6yoga_slim_7-13itl05_firmwareyoga_duet_7-13itl6-lteyoga_slim_7-13acn05_firmwareyoga_slim_7_carbon_13itl5_firmwareslim_7_16arh7_firmwareyoga_duet_7-13iml05_firmwarethinkbook_14_g4\+_araideapad_slim_7_pro_16ach6_firmwarethinkbook_13x_itgthinkbook_16_g4\+_iapthinkbook_13x_itg_firmwareideapad_5_pro_16arh7yoga_slim_7_pro_16ach6ideapad_creator_5-16ach6_firmwarethinkbook_plus_g3_iapd330-10igl_firmwareideapad_duet_3_10igl5_firmwareyoga_slim_7_pro_16arh7yoga_slim_7-13acn05ideapad_creator_5-16ach6thinkbook_plus_g2_itg_firmwarethinkbook_plus_g2_itgthinkbook_16_g4\+_iap_firmwareyoga_slim_7_pro_16ach6_firmwareyoga_duet_7-13itl6_firmwareyoga_duet_7-13iml05ideapad_5_pro_16arh7_firmwarethinkbook_16_g4\+_ara_firmwares540-15iml_firmwareideapad_slim_7_pro_16ach6slim_7_16arh7thinkbook_16p_nx_arh_firmwareyoga_duet_7-13itl6-lte_firmwareyoga_slim_7_pro_16arh7_firmwareyoga_duet_7-13itl6thinkbook_14_g4\+_iaps540-15imlideapad_5_pro-16ach6thinkbook_14_g4\+_iap_firmwarethinkbook_14_g4\+_ara_firmwareideapad_5_pro-16ach6_firmwareideapad_duet_3_10igl5thinkbook_16p_nx_arhBIOSnotebook
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3440
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.09% / 25.44%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 01:05
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File and Directory Permission Vulnerability in JP1/Performance Management

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

Action-Not Available
Vendor-Hitachi, Ltd.Microsoft Corporation
Product-windowsjp1\/performance_managementJP1/Performance Management - Remote Monitor for Virtual MachineJP1/Performance Management - Agent Option for IBM WebSphere Application ServerJP1/Performance Management - Agent Option for Service ResponseJP1/Performance Management - Agent Option for Virtual MachineJP1/Performance Management - Remote Monitor for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for PlatformJP1/Performance Management - Agent Option for Enterprise ApplicationsJP1/Performance Management - Agent Option for Application ServerJP1/Performance Management - Agent Option for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for uCosminexus Application ServerJP1/Performance Management - Remote Monitor for OracleJP1/Performance Management - Agent Option for Microsoft(R) Exchange ServerJP1/Performance Management - BaseJP1/Performance Management - Agent Option for JP1/AJS3JP1/Performance Management - Agent Option for IBM Lotus DominoJP1/Performance Management - Agent Option for OracleJP1/Performance Management - Agent Option for IBM WebSphere MQJP1/Performance Management - Agent Option for DominoJP1/Performance Management - Agent Option for OpenTP1JP1/Performance Management - Agent Option for Microsoft(R) Internet Information ServerJP1/Performance Management - ManagerJP1/Performance Management - Agent Option for Transaction SystemJP1/Performance Management - Remote Monitor for PlatformJP1/Performance Management - Agent Option for HiRDBJP1/Performance Management - Agent Option for Oracle WebLogic Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-44157
Assigner-Acronis International GmbH
ShareView Details
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.05% / 13.97%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 12:01
Updated-23 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectwindowsAcronis Cyber Protect 15
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4065
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 13:25
Updated-20 Nov, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Operator: plaintext password in operator log

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformjboss_a-mqjboss_middlewareenterprise_linuxRed Hat AMQ Broker 7RHEL-8 based Middleware Containers
CWE ID-CWE-117
Improper Output Neutralization for Logs
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-4039
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.12% / 31.32%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 14:00
Updated-24 Sep, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rhsso-container-image: unsecured management interface exposed to adjecent network

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onopenshift_container_platform_for_ibm_zopenshift_container_platformenterprise_linuxopenshift_container_platform_for_poweropenshift_container_platform_for_linuxoneRHEL-8 based Middleware ContainersRed Hat Single Sign-On 7
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-42261
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.93%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.

Action-Not Available
Vendor-n/aMobile Security Framework (MobSF)
Product-mobile_security_frameworkn/amobile_security_framework
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-43496
Assigner-Jenkins Project
ShareView Details
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.63%
||
7 Day CHG-0.06%
Published-20 Sep, 2023 | 16:06
Updated-02 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-5042
Assigner-Acronis International GmbH
ShareView Details
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.28%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 11:03
Updated-24 Sep, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowscyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4088
Assigner-Mitsubishi Electric Corporation
ShareView Details
Assigner-Mitsubishi Electric Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 6.85%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 02:26
Updated-24 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malicious Code Execution Vulnerability in FA Engineering Software Products

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_works3MELSOFT iQ AppPortalPX DeveloperGX Works3GT SoftGOT1000 Version3CPU Module Logging Configuration ToolFX Configurator-FPGT Designer3 Version1(GOT1000)GX LogViewerGT SoftGOT2000 Version1GT Designer3 Version1(GOT2000)MELSOFT Update ManagerData TransferMELSOFT MaiLabData Transfer ClassicFX Configurator-ENRT ToolBox3MELSOFT FieldDeviceConfiguratorMX ComponentFR Configurator2GX Works2EZSocketMELSOFT NavigatorRT VisualBoxAL-PCS/WIN-EFX Configurator-EN-LMX Sheet
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-3466
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 5.78%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 13:18
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cri-o: security regression of cve-2022-27652

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

Action-Not Available
Vendor-Red Hat, Inc.Kubernetes
Product-cri-oopenshift_container_platformRed Hat OpenShift Container Platform 3.11Red Hat OpenShift Container Platform 4.12
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4664
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.41%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 08:38
Updated-24 Sep, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilage Escalation in Saphira Connect

Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.

Action-Not Available
Vendor-SaphiraAdobe Inc.
Product-connectSaphira Connect
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-37878
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 08:16
Updated-26 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Default Permissions in Wing FTP Server <= 7.2.0

Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.

Action-Not Available
Vendor-wftpserverWing FTP Server
Product-wing_ftp_serverWing FTP Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31468
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.38%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.

Action-Not Available
Vendor-inosoftn/ainosoft
Product-visiwin_7n/avisiwin_7
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31068
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 80.94%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.

Action-Not Available
Vendor-tsplusn/a
Product-tsplus_remote_accessn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31067
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.64% / 81.74%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.

Action-Not Available
Vendor-tsplusn/a
Product-tsplus_remote_accessn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-34352
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.13%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 01:36
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacosiOS and iPadOSmacOSwatchOStvOS
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • ...
  • 11
  • 12
  • 13
  • ...
  • 29
  • 30
  • Next