CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-276

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-43199 276 2021-11-09 2021-11-09
5.0
None Remote Low Not required None Partial None
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
2 CVE-2021-42098 276 Bypass 2021-10-18 2021-10-21
6.5
None Remote Low ??? Partial Partial Partial
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.
3 CVE-2021-42055 276 2021-10-18 2021-10-22
4.6
None Local Low Not required Partial Partial Partial
ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
4 CVE-2021-42011 276 Exec Code 2021-10-21 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
5 CVE-2021-40123 276 2021-10-21 2021-10-25
4.0
None Remote Low ??? Partial None None
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted.
6 CVE-2021-39886 276 2021-10-05 2021-10-09
4.0
None Remote Low ??? Partial None None
Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.
7 CVE-2021-39274 276 Exec Code 2021-08-19 2021-08-30
10.0
None Remote Low Not required Complete Complete Complete
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges.
8 CVE-2021-39273 276 Exec Code 2021-08-19 2021-08-26
9.0
None Remote Low ??? Complete Complete Complete
In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.
9 CVE-2021-38420 276 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.
10 CVE-2021-38379 276 2021-10-27 2021-11-04
2.1
None Local Low Not required Partial None None
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.
11 CVE-2021-37363 276 2021-10-26 2021-10-28
9.3
None Remote Medium Not required Complete Complete Complete
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.
12 CVE-2021-37351 276 2021-08-13 2021-08-23
5.0
None Remote Low Not required Partial None None
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
13 CVE-2021-37167 276 2021-08-02 2021-08-10
10.0
None Remote Low Not required Complete Complete Complete
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of the functionality of the device.
14 CVE-2021-36990 276 2021-10-28 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
15 CVE-2021-36989 276 2021-10-28 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
There is a Kernel crash vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
16 CVE-2021-36795 276 +Priv 2021-08-06 2021-08-16
4.4
None Local Medium Not required Partial Partial Partial
A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges.
17 CVE-2021-36365 276 2021-09-28 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
18 CVE-2021-36363 276 2021-09-28 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
19 CVE-2021-35312 276 2021-08-06 2021-08-14
7.2
None Local Low Not required Complete Complete Complete
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
20 CVE-2021-34395 276 DoS 2021-06-22 2021-09-20
4.6
None Local Low Not required Partial Partial Partial
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifications to data, and limited denial of service.
21 CVE-2021-34387 276 Exec Code 2021-06-21 2021-06-29
7.2
None Local Low Not required Complete Complete Complete
The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.
22 CVE-2021-33923 276 2021-09-29 2021-10-07
2.1
None Local Low Not required Partial None None
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allow local attackers to access some sensitive information (private keys, state database).
23 CVE-2021-33506 276 2021-05-26 2021-06-22
5.0
None Remote Low Not required None Partial None
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.
24 CVE-2021-33334 276 2021-08-03 2021-08-11
4.0
None Remote Low ??? Partial None None
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.
25 CVE-2021-33333 276 2021-08-03 2021-08-11
6.5
None Remote Low ??? Partial Partial Partial
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.
26 CVE-2021-33327 276 2021-08-03 2021-08-11
4.0
None Remote Low ??? Partial None None
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled.
27 CVE-2021-33324 276 2021-08-03 2021-08-11
4.0
None Remote Low ??? Partial None None
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.
28 CVE-2021-33214 276 2021-07-09 2021-09-21
6.0
None Remote Medium ??? Partial Partial Partial
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
29 CVE-2021-33092 276 2021-11-17 2021-11-19
7.2
None Local Low Not required Complete Complete Complete
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access.
30 CVE-2021-33090 276 2021-11-17 2021-11-19
7.2
None Local Low Not required Complete Complete Complete
Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
31 CVE-2021-33088 276 2021-11-17 2021-11-22
7.2
None Local Low Not required Complete Complete Complete
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access.
32 CVE-2021-33071 276 2021-11-17 2021-11-22
4.6
None Local Low Not required Partial Partial Partial
Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
33 CVE-2021-33062 276 2021-11-17 2021-11-22
4.6
None Local Low Not required Partial Partial Partial
Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
34 CVE-2021-32725 276 2021-07-12 2021-07-14
5.0
None Remote Low Not required Partial None None
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
35 CVE-2021-32464 276 Exec Code 2021-08-04 2021-08-12
7.2
None Local Low Not required Complete Complete Complete
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
36 CVE-2021-31998 276 2021-06-10 2021-06-24
7.2
None Local Low Not required Complete Complete Complete
An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
37 CVE-2021-31519 276 Exec Code 2021-05-12 2021-05-21
4.4
None Local Medium Not required Partial Partial Partial
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
38 CVE-2021-31217 276 2021-07-13 2021-07-15
9.4
None Remote Low Not required None Complete Complete
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
39 CVE-2021-30750 276 2021-09-08 2021-09-22
4.3
None Remote Medium Not required Partial None None
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts.
40 CVE-2021-30494 276 2021-04-14 2021-04-22
4.9
None Local Low Not required None None Complete
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
41 CVE-2021-30493 276 2021-04-14 2021-04-22
4.9
None Local Low Not required None None Complete
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
42 CVE-2021-29052 276 2021-05-17 2021-05-25
4.0
None Remote Low ??? Partial None None
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
43 CVE-2021-29005 276 Exec Code +Priv 2021-10-11 2021-10-18
9.0
None Remote Low ??? Complete Complete Complete
Insecure permission of the chmod command exists on rConfig server 3.9.6. After installing rConfig, the apache user may execute chmod as root without a password, which may let an attacker with low privilege gain root access on the server.
44 CVE-2021-28649 276 Exec Code 2021-05-12 2021-05-21
4.4
None Local Medium Not required Partial Partial Partial
An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
45 CVE-2021-28271 276 2021-04-27 2021-09-23
6.5
None Remote Low ??? Partial Partial Partial
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone' and 'Authenticated Users' group.
46 CVE-2021-28098 276 2021-04-14 2021-04-21
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.
47 CVE-2021-27193 276 2021-03-25 2021-04-02
7.5
None Remote Low Not required Partial Partial Partial
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation.
48 CVE-2021-27032 276 2021-05-28 2021-06-17
7.2
None Local Low Not required Complete Complete Complete
Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service.
49 CVE-2021-26804 276 Bypass 2021-05-04 2021-05-12
4.0
None Remote Low ??? None Partial None
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
50 CVE-2021-26274 276 2021-07-07 2021-07-08
3.6
None Local Low Not required None Partial Partial
The Agent in NinjaRMM 5.0.909 has Insecure Permissions.
Total number of vulnerabilities: 535 (page 1 of 11)