Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-276

CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276

CVE-2020-12277 MEDIUM

GitLab 10.8-12.9 - Unauthenticated Repository Mirroring via Unauthorized Feature Access

CVE-2020-8471 HIGH

ABB Central Licensing Server - Authenticated Arbitrary Code Execution via Weak File Permissions

CVE-2020-12118 HIGH

Binance tss-lib < 1.2.0 - Keygen Protocol Parameter Manipulation

CVE-2020-8798 MEDIUM

Juplink RX4-1500 Firmware 1.0.3-1.0.5 - Unauthenticated Router Settings Access via setup3.htm Endpoint

CVE-2020-12075 HIGH

Data Tables Generator by Supsystic < 1.9.92 - Unauthenticated Incorrect Default Permissions

CVE-2020-11692 LOW

JetBrains YouTrack < 2020.1.659 - Incorrect Default Permissions for DB Export

CVE-2020-11689 MEDIUM

JetBrains TeamCity < 2019.2.1 - Unauthenticated Settings Import via settings.kts

CVE-2020-0547 HIGH

Intel Data Migration Software <= 3.3 - Authenticated Privilege Escalation via Installer Default Permissions

CVE-2020-4274 MEDIUM

IBM QRadar 7.3.0-7.3.3 Patch 2 - Authenticated Unauthorized Data Access via Inadequate Permission Checks

CVE-2020-4270 HIGH

IBM QRadar 7.3.0-7.3.3 Patch 2 - Privilege Escalation via Weak File Permissions

CVE-2020-7802 MEDIUM

SSS HUSKY RTU 6049-E70 <5.0 - Info Disclosure

CVE-2020-6456 MEDIUM

Google Chrome < 81.0.4044.92 - Site Isolation Bypass via Clipboard Input

CVE-2020-6446 MEDIUM

Google Chrome < 81.0.4044.92 - Content Security Policy Bypass via Trusted Types

CVE-2020-6445 MEDIUM

Google Chrome < 81.0.4044.92 - Content Security Policy Bypass via Trusted Types

CVE-2020-6441 MEDIUM

Google Chrome < 81.0.4044.92 - Incorrect Default Permissions

CVE-2020-6439 HIGH

Google Chrome < 81.0.4044.92 - Security UI Bypass via Crafted HTML Page

CVE-2020-6431 MEDIUM

Google Chrome < 81.0.4044.92 - Security UI Spoofing via Full Screen Policy Enforcement

CVE-2020-1985 HIGH

Secdo - Incorrect Default Permissions in Logs Folder

CVE-2020-7004 HIGH

VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module - Insecure Directory Permissions

CVE-2020-11444 HIGH

Sonatype Nexus Repository Manager 3.0.0-3.21.2 - Incorrect Access Control

CVE-2020-5551 HIGH

Toyota Display Control Unit - Unauthenticated Denial of Service and Arbitrary Command Execution via Bluetooth

CVE-2020-10939 HIGH

PHOENIX CONTACT PC WORX SRT <1.14 - Privilege Escalation

CVE-2020-3766 HIGH

Adobe Genuine Integrity Service <6.4 - Privilege Escalation

CVE-2020-9392 HIGH

Pricing Table by Supsystic < 1.8.2 - Unauthenticated Arbitrary Table Creation and Data Exposure

CVE-2020-10660 MEDIUM

HashiCorp Vault <1.3.3 - Info Disclosure

Previous Page 51 of 61 Next

Details

Vulnerabilities 1,512

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy