CWE-276
Incorrect Default Permissions
Description
During installation, installed file permissions are set to allow anyone to modify those files.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-127 · CAPEC-81
CVEs mapped to this weakness (474)
page 11 of 24| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-36742 | Med | 0.44 | 6.8 | 0.00 | May 13, 2026 | Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode). | ||
| CVE-2025-36522 | Med | 0.44 | 6.7 | 0.00 | Feb 10, 2026 | Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable… | ||
| CVE-2025-36511 | Med | 0.44 | 6.7 | 0.00 | Feb 10, 2026 | Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation… | ||
| CVE-2025-32453 | Med | 0.44 | 6.7 | 0.00 | Feb 10, 2026 | Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege.… | ||
| CVE-2025-31655 | Med | 0.44 | 6.7 | 0.00 | Feb 10, 2026 | Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of… | ||
| CVE-2025-22849 | Med | 0.44 | 6.7 | 0.00 | Feb 10, 2026 | Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an… | ||
| CVE-2026-0705 | Med | 0.44 | 6.7 | 0.00 | Jan 27, 2026 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354. | ||
| CVE-2025-31940 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may… | ||
| CVE-2025-30518 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of… | ||
| CVE-2025-27711 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity… | ||
| CVE-2025-27246 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable… | ||
| CVE-2025-12100 | Hig | 0.44 | 7.8 | 0.00 | Oct 23, 2025 | Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6. | ||
| CVE-2025-27559 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2025-26470 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2025-20087 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2025-20023 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2025-48959 | Med | 0.44 | 6.7 | 0.00 | Jun 4, 2025 | Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077. | ||
| CVE-2025-20095 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-47550 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-28954 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
- risk 0.44cvss 6.8epss 0.00
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode).
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable…
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation…
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege.…
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of…
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an…
- risk 0.44cvss 6.7epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may…
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of…
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity…
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable…
- risk 0.44cvss 7.8epss 0.00
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.
- risk 0.44cvss 6.7epss 0.00
Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access.