CWE-276 — Incorrect Default Permissions
1,613 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-276 (page 27 of 33)
- CVE-2024-49504 | HIGH | CVSS 7.0 | EG 0.0 | 2024-11-13
  grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
- CVE-2024-49724 | HIGH | CVSS 7.0 | EG 7.0 | 2025-01-21
  In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privi…
- CVE-2024-49732 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-21
  In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution…
- CVE-2024-49735 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-21
  In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed …
- CVE-2024-49736 | MEDIUM | CVSS 5.5 | EG 7.8 | 2025-01-21
  In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User …
- CVE-2024-49737 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-21
  In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional…
- CVE-2024-49742 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-21
  In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional…
- CVE-2024-49744 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-21
  In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution p…
- CVE-2024-50590 | HIGH | CVSS 7.8 | EG 7.8 | 2024-11-08
  Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory …
- CVE-2024-50657 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-11-22
  An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method.
- CVE-2024-51051 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-18
  AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
- CVE-2024-51162 | HIGH | CVSS 8.8 | EG 9.8 | 2024-11-20
  An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole …
- CVE-2024-51378 | CRITICAL | CVSS 10.0 | EG 10.0 | ⚠ KEV | 2024-10-29
  getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secM…
- CVE-2024-51440 | HIGH | CVSS 7.8 | EG 7.8 | 2025-02-12
  An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component.
- CVE-2024-51567 | CRITICAL | CVSS 10.0 | EG 10.0 | ⚠ KEV | 2024-10-29
  upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is …
- CVE-2024-51764 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-11-15
  A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
- CVE-2024-51765 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-11-15
  A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
- CVE-2024-52323 | HIGH | CVSS 8.1 | EG 8.1 | 2024-11-27
  Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
- CVE-2024-52551 | HIGH | CVSS 8.0 | EG 8.0 | 2024-11-13
  Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to res…
- CVE-2024-52783 | MEDIUM | CVSS 5.1 | EG 5.1 | 2025-01-15
  Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file.
- CVE-2024-52867 | HIGH | CVSS 8.1 | EG 8.1 | 2024-11-17
  guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be re…
- CVE-2024-52926 | MEDIUM | CVSS 6.5 | EG 7.3 | 2024-11-18
  Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.
- CVE-2024-52946 | HIGH | CVSS 8.8 | EG 8.8 | 2024-11-18
  An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment…
- CVE-2024-5321 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-07-18
  A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
- CVE-2024-53351 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-03-21
  Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
- CVE-2024-53835 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-03
  there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-53840 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-03
  there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-53841 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-03
  In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp…
- CVE-2024-53921 | LOW | CVSS 2.8 | EG 2.8 | 2024-12-03
  An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.
- CVE-2024-54131 | HIGH | CVSS 7.3 | EG 0.0 | 2024-12-03
  The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11…
- CVE-2024-54564 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-21
  This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, visionOS 1.3. A file received from AirDrop may not have the quarantine flag applied.
- CVE-2024-5474 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-10-11
  A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges durin…
- CVE-2024-54745 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-12-06
  WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
- CVE-2024-54747 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-12-06
  WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
- CVE-2024-54751 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-12-10
  COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
- CVE-2024-55215 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-02-07
  An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.
- CVE-2024-55225 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-01-09
  An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
- CVE-2024-55398 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-08-06
  4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
- CVE-2024-55930 | MEDIUM | CVSS 6.7 | EG 6.6 | 2025-01-23
  Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files.
- CVE-2024-55950 | HIGH | CVSS 8.6 | EG 0.0 | 2024-12-26
  Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential s…
- CVE-2024-55956 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2024-12-13
  In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autor…
- CVE-2024-55957 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-22
  In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on…
- CVE-2024-55959 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-01-21
  Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.
- CVE-2024-56440 | MEDIUM | CVSS 6.2 | EG 6.2 | 2025-01-08
  Permission control vulnerability in the Connectivity module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-56447 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-08
  Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56525 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-02-24
  In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading …
- CVE-2024-57032 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-01-17
  WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.
- CVE-2024-57438 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-01-29
  Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
- CVE-2024-57548 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-01-27
  CMSimple 5.16 allows the user to edit the log.php file via the print page.
- CVE-2024-57604 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-02-12
  An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.