CWE-276
Incorrect Default Permissions
Description
During installation, installed file permissions are set to allow anyone to modify those files.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-127 · CAPEC-81
CVEs mapped to this weakness (474)
page 2 of 24| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16128 | — | Cri | 0.64 | 9.8 | 0.01 | Jun 7, 2018 | The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. | |
| CVE-2017-16127 | — | Cri | 0.64 | 9.8 | 0.01 | Jun 7, 2018 | The module pandora-doomsday infects other modules. It's since been unpublished from the registry. | |
| CVE-2017-0847 | Cri | 0.64 | 9.8 | 0.00 | Nov 16, 2017 | An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999. | ||
| CVE-2017-5642 | Cri | 0.64 | 9.8 | 0.02 | Apr 3, 2017 | During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | ||
| CVE-2017-12763 | Hig | 0.61 | 8.8 | 0.04 | Aug 29, 2017 | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | ||
| CVE-2006-5014 | Hig | 0.61 | 8.8 | 0.04 | Sep 27, 2006 | Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. | ||
| CVE-2017-11741 | Hig | 0.60 | 8.8 | 0.01 | Aug 8, 2017 | HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. | ||
| CVE-2024-55959 | Cri | 0.59 | 9.1 | 0.01 | Jan 21, 2025 | Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. | ||
| CVE-2024-46505 | Cri | 0.59 | 9.1 | 0.00 | Jan 9, 2025 | Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | ||
| CVE-2019-20457 | Cri | 0.59 | 9.1 | 0.01 | Nov 7, 2024 | An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the… | ||
| CVE-2017-8625 | Hig | 0.58 | 8.8 | 0.15 | Aug 8, 2017 | Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass… | ||
| CVE-2026-49157 | Hig | 0.57 | 8.8 | 0.00 | Jun 1, 2026 | Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jolokia operations which… | ||
| CVE-2026-21765 | Hig | 0.57 | 8.8 | 0.00 | Apr 2, 2026 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions. | ||
| CVE-2025-10314 | Hig | 0.57 | 8.8 | 0.00 | Feb 5, 2026 | Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation… | ||
| CVE-2021-47852 | Hig | 0.57 | 8.8 | 0.00 | Jan 21, 2026 | Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and… | ||
| CVE-2025-62577 | Hig | 0.57 | 8.8 | 0.00 | Oct 20, 2025 | ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges. | ||
| CVE-2025-11535 | Hig | 0.57 | — | 0.00 | Oct 8, 2025 | MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24. | ||
| CVE-2025-57625 | Hig | 0.57 | 8.8 | 0.01 | Sep 16, 2025 | CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotliteAgent.exe or any other… | ||
| CVE-2024-13972 | Hig | 0.57 | 8.8 | 0.00 | Jul 17, 2025 | A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. | ||
| CVE-2024-38499 | Hig | 0.57 | 8.8 | 0.00 | Dec 17, 2024 | CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a… |
- risk 0.64cvss 9.8epss 0.01
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
- risk 0.64cvss 9.8epss 0.01
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
- risk 0.64cvss 9.8epss 0.00
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.
- risk 0.64cvss 9.8epss 0.02
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
- risk 0.61cvss 8.8epss 0.04
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
- risk 0.61cvss 8.8epss 0.04
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
- risk 0.60cvss 8.8epss 0.01
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
- risk 0.59cvss 9.1epss 0.01
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.
- risk 0.59cvss 9.1epss 0.00
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
- risk 0.59cvss 9.1epss 0.01
An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the…
- risk 0.58cvss 8.8epss 0.15
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass…
- risk 0.57cvss 8.8epss 0.00
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jolokia operations which…
- risk 0.57cvss 8.8epss 0.00
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
- risk 0.57cvss 8.8epss 0.00
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation…
- risk 0.57cvss 8.8epss 0.00
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and…
- risk 0.57cvss 8.8epss 0.00
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
- risk 0.57cvss —epss 0.00
MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.
- risk 0.57cvss 8.8epss 0.01
CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotliteAgent.exe or any other…
- risk 0.57cvss 8.8epss 0.00
A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.
- risk 0.57cvss 8.8epss 0.00
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a…