CWE-276

Incorrect Default Permissions

Base · Draft · Likelihood: Medium

Description

During installation, installed file permissions are set to allow anyone to modify those files.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-127 · CAPEC-81

CVEs mapped to this weakness (474)

page 12 of 24
  • CVE-2024-42419 · Med · Feb 12, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-32942 · Med · Feb 12, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-24826 · Med · Jan 28, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625.

  • CVE-2024-50657 · Med · Nov 22, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method

  • CVE-2024-29083 · Med · Nov 13, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-25647 · Med · Nov 13, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2023-42133 · Med · Oct 11, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version…

  • CVE-2024-23974 · Med · Aug 14, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-22378 · Med · Aug 14, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2023-43747 · Med · Aug 14, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-27180 · Med · Jun 14, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL.

  • CVE-2023-42668 · Med · May 16, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2023-42433 · Med · May 16, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34011 · Med · Apr 29, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.

  • CVE-2023-28389 · Med · Mar 14, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-8421 · Med · Nov 12, 2025
    risk 0.43 · cvss 6.6 · epss 0.00

    An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges.

  • CVE-2024-32978 · Med · May 27, 2024
    risk 0.43 · cvss 6.6 · epss 0.01

    Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of…

  • CVE-2026-8487 · Med · May 20, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

  • CVE-2026-41712 · Hig · May 12, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.

  • CVE-2026-30811 · Med · Apr 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800