CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2018-0023 MEDIUM
JSNAPy < 1.3.0 - Incorrect Default Permissions
CVSS 5.5
CVE-2018-7533 HIGH
OSIsoft PI Data Archive < 2017 - Incorrect Default Permissions
CVSS 7.8
CVE-2017-13314 HIGH
Android - Missing Authorization in NetworkManagementService
CVSS 7.8
CVE-2017-13312 HIGH
Android - Local Privilege Escalation via MediaCas Parcel Validation
CVSS 7.8
CVE-2017-13311 MEDIUM
Android - Local Privilege Escalation via ProcessStats Read Serialization Issue
CVSS 6.7
CVE-2017-13310 HIGH
Android - Permissions Bypass via ViewPager Serialization Issue
CVSS 7.8
CVE-2017-18915 CRITICAL
Mattermost Server <3.8.2-3.6.7 - Privilege Escalation
CVSS 9.8
CVE-2017-18868 HIGH
Digi XBee 2 Firmware - Unauthenticated Remote AT Command Execution via ZigBee Network Stack
CVSS 7.7
CVE-2017-18669 HIGH
Samsung N(7.x) - Privilege Escalation
CVSS 7.5
CVE-2017-18668 HIGH
Android - Denial of Service via Call and SMS Blocking
CVSS 7.5
CVE-2017-3210 HIGH
Portrait Display SDK 2.30-2.34 - Authenticated Privilege Escalation via pdiservice.exe
CVSS 7.8
CVE-2017-3209 HIGH
DBPOWER U818A Firmware - Unauthenticated Arbitrary File Read and Write via Anonymous FTP Access
CVSS 8.1
CVE-2017-7794 HIGH
Firefox < 55.0 - Incorrect Default Permissions via Sandbox Broker
CVSS 7.8
CVE-2017-7761 MEDIUM
Firefox < 52.2.0 - Privilege Escalation via Maintenance Service Junction Attack
CVSS 5.5
CVE-2017-16128 CRITICAL
npm-script-demo - Command Injection
CVSS 9.8
CVE-2017-16127 CRITICAL
pandora-doomsday - Replicating Malicious Code
CVSS 9.8
CVE-2017-0369 MEDIUM
MediaWiki < 1.23.16 - Authenticated Page Undeletion via Protection Bypass
CVSS 6.5
CVE-2017-15131 HIGH
xdg-user-dirs < 0.15.5 - Improper Access Control via Umask Policy Bypass
CVSS 7.8
CVE-2017-0847 CRITICAL
Android <8.0 - Privilege Escalation
CVSS 9.8
CVE-2017-16522 HIGH
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Authenticated Privilege Escalation via Command Execution
CVSS 8.8
CVE-2017-1000089 MEDIUM
Jenkins Pipeline < 2.5 and pipeline-build-step < 2.5.1 - Unauthenticated Arbitrary Project Triggering
CVSS 5.3
CVE-2017-1000084 MEDIUM
Jenkins Parameterized Trigger Plugin - Unauthenticated Arbitrary Project Triggering
CVSS 6.5
CVE-2017-12230 HIGH
Cisco IOS XE 16.2 - Privilege Escalation
CVSS 8.8
CVE-2017-14427 HIGH
D-Link DIR-850L REV. A and B - Incorrect Default Permissions in /var/run/storage_account_root
CVSS 7.8
CVE-2017-14425 HIGH
D-Link DIR-850L REV. A FW<=114WWb07_h2ab_beta1 and REV. B FW<=208WWb02 - Incorrect Default Permissions
CVSS 7.8