Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-276

CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276

CVE-2019-1982 MEDIUM

Cisco Firepower HTTP Filter Bypass via Malicious Headers

CVE-2019-12752 MEDIUM

Symantec SONAR < 12.0.2 - Tamper Protection Bypass via Incorrect Default Permissions

CVE-2019-18369 MEDIUM

JetBrains YouTrack < 2019.2.55152 - Incorrect Default Permissions

CVE-2019-18367 MEDIUM

JetBrains TeamCity < 2019.1.2 - Incorrect Default Permissions

CVE-2019-18366 MEDIUM

JetBrains TeamCity < 2019.1.2 - Secure Value Exposure via Build Runtime Parameters

CVE-2019-14925 MEDIUM

Mitsubishielectric Smartrtu Firmware - Incorrect Default Permissions

CVE-2019-10474 MEDIUM

Jenkins Global Post Script Plugin < 1.1.4 - Unauthenticated Information Disclosure via Script Listing

CVE-2019-10473 MEDIUM

Jenkins Libvirt Slaves Plugin < 1.8.5 - Unauthenticated Credential ID Enumeration via Form Methods

CVE-2019-10472 MEDIUM

Jenkins Libvirt Slaves Plugin < 1.8.5 - Missing Permission Check for SSH Credential Capture

CVE-2019-10470 MEDIUM

Jenkins Kubernetes CI < 1.3 - Unauthenticated Credential ID Enumeration via Form Methods

CVE-2019-10469 MEDIUM

Jenkins Kubernetes CI < 1.3 - Missing Permission Check for Credential Capture

CVE-2019-10465 MEDIUM

Jenkins Deploy WebLogic Plugin < 4.1 - Server-Side Request Forgery and Information Disclosure via URL Connection

CVE-2019-10463 MEDIUM

Jenkins Dynatrace Application Monitoring < 2.1.4 - Incorrect Default Permissions

CVE-2019-16919 HIGH

Harbor 1.8.0-1.8.2 - Broken Access Control via Robot Account Creation

CVE-2019-15962 MEDIUM

Cisco TelePresence CE - Privilege Escalation

CVE-2019-14737 HIGH

Ubisoft Uplay 92.0.0.6280 - Insecure Default Permissions

CVE-2019-17044 HIGH

BMC Patrol Agent 9.0.10i - Local Privilege Escalation via SUID Binary Shared Library Injection

CVE-2019-17043 HIGH

BMC Patrol Agent 9.0.10i - Privilege Escalation via Weak SUID Binary Permissions

CVE-2019-2173 HIGH

Android 7.1.1-9 - Local Privilege Escalation via ActivityStarter Permission Check

CVE-2019-2114 HIGH

Android 8.0-9 - Local Privilege Escalation via NFC Default Permissions

CVE-2019-14510 MEDIUM

Kaseya VSA RMM <9.5.0.22 - Privilege Escalation

CVE-2019-17365 HIGH

Nix < 2.3 - Unauthorized User Profile Access via World-Writable Parent Directory

CVE-2019-17383 CRITICAL

netaddr < 1.5.3 and 2.0.0-2.0.3 - Incorrect Default Permissions

CVE-2019-17124 CRITICAL

Kramer VIAware 2.5.0719.1034 - Incorrect Access Control

CVE-2019-16913 HIGH

PC Protect Antivirus 4.14.31 - Privilege Escalation via Weak Directory Permissions

Previous Page 55 of 61 Next

Details

Vulnerabilities 1,512

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy