Show CWE-276: Incorrect Default Permissions - CXSecurity.com

	Topic	Date	Author
Low	MobileTrans 4.0.11 Weak Service Permissions	20.05.2023	Thurein Soe
Med.	BarracudaDrive v6.5 Insecure Folder Permissions	04.09.2020	Bobby Cooke
Med.	BarracudaDrive 6.5 Local Privilege Escalation	11.08.2020	Bobby Cooke
Med.	Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions	02.07.2017	Karn Ganeshen
Med.	WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage	07.09.2016	sh4d0wman
Med.	Hide.Me VPN Client 1.2.4 - Privilege Escalation	08.07.2016	sh4d0wman
Med.	PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference	06.04.2016	orwelllabs
High	Zarafa Multiple incorrect default permissions	25.08.2014	Robert Scheck
High	Eventum 2.3.4 Incorrect Permissions / Code Injection	29.01.2014	High-Tech Bridge Secur...
High	Zavio IP Cameras multiple vulnerabilities	28.05.2013	CORE
Med.	Photodex ProShow Producer 5.0.3310 Privilege Escalation	20.03.2013	Inshell Security Advis...

CVEMAP Search Results

CVE

Details

Description

2024-10-22

Waiting for details

CVE-2024-7587

Updating...

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64.

2024-10-21

Waiting for details

CVE-2024-47825

Updating...

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than `/32` may be ignored if there is a policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) and this narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`. Note that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using `enableDefaultDeny: false` or that set `toEntities` to `all`, some workarounds are available. For users with policies using `enableDefaultDeny: false`, remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify `toEntities: all`, use `toEntities: world`.

2024-10-18

Waiting for details

CVE-2024-47240

Updating...

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.

2024-10-17

Waiting for details

CVE-2024-49389

Updating...

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

2024-10-11

Waiting for details

CVE-2024-39544

Updating...

An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentiality of the system. Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * 21.2-EVO before 21.2R3-S7-EVO, * 21.4-EVO before 21.4R3-S5-EVO, * 22.1-EVO before 22.1R3-S5-EVO, * 22.2-EVO before 22.2R3-S3-EVO, * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, * 22.4-EVO before 22.4R3-EVO, * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.

2024-09-23

Waiting for details

CVE-2024-46544

Updating...

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

2024-09-12

Waiting for details

CVE-2024-38222

Updating...

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

2024-08-29

Waiting for details

CVE-2024-34018

Updating...

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.

2024-07-04

Waiting for details

CVE-2024-3904

Updating...

Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.

2024-06-28

Waiting for details

CVE-2024-35139

Updating...

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.

Copyright 2025, cxsecurity.com