QSearchQSearch

CVE-2021-39274

9.8 CRITICAL

In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged us...

Published: 2021-08-19 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-276

Affected products

VendorProduct
xerosecuritysn1per

Description

In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-39273 In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user ... (8.8 HIGH)

Same CWE

  • CVE-2026-50255 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier (6.7 MEDIUM)
  • CVE-2026-11931 Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to ... (5.5 MEDIUM)
  • CVE-2026-49157 Incorrect Default Permissions vulnerability in Apache ActiveMQ (8.8 HIGH)
  • CVE-2026-48191 An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules... (3.5 LOW)
  • CVE-2026-48190 An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query ... (3.5 LOW)