CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2017-14424 HIGH
D-Link DIR-850L REV. A FW<=114WWb07_h2ab_beta1 and REV. B FW<=208WWb02 - Incorrect Default Permissions
CVSS 7.8
CVE-2017-12699 HIGH
AzeoTech DAQFactory < 17.1 - Incorrect Default Permissions
CVSS 7.1
CVE-2017-12763 HIGH
NoMachine < 5.3.9 - Authenticated Privilege Escalation via Local File Access
CVSS 8.8
CVE-2017-11610 HIGH
Supervisor XML-RPC Authenticated Remote Code Execution
CVSS 8.8
CVE-2017-11156 HIGH
Synology Download Station 3.x < 3.5-2984 & 3.8.x < 3.8.5-3475 - Authenticated RCE via Weak Permissions
CVSS 7.8
CVE-2017-8625 HIGH
Internet Explorer - Security Feature Bypass via UMCI Policy Validation
CVSS 8.8
CVE-2017-11741 HIGH
HashiCorp Vagrant VMware Fusion <4.0.24 - Privilege Escalation
CVSS 8.8
CVE-2017-1382 HIGH
IBM WebSphere Application Server <9.0 - Info Disclosure
CVSS 7.1
CVE-2017-9505 MEDIUM
Atlassian Confluence <6.2.1 - Info Disclosure
CVSS 4.3
CVE-2017-4975 HIGH
Pivotal PCF Tile Generator <6.0.0 - Info Disclosure
CVSS 7.5
CVE-2017-7968 HIGH
Schneider Electric Wonderware InduSoft Web Studio < 8.0 - Incorrect Default Permissions
CVSS 7.8
CVE-2017-5686 LOW
Intel NUC 6th Gen BIOS < SY0059 - Unauthenticated Personal Information Exposure via Physical Access
CVSS 3.9
CVE-2017-5685 LOW
Intel NUC NUC6i7KYK < KY0045 - Unprotected User Data Exposure via BIOS
CVSS 3.9
CVE-2017-5684 LOW
Intel Compute Stick STK2MV64CC < CC047 - Unauthenticated Personal Information Exposure via BIOS
CVSS 3.9
CVE-2017-5642 CRITICAL
Apache Ambari 2.4.0-2.4.2 - Incorrect Default Permissions
CVSS 9.8
CVE-2017-5622 MEDIUM
OxygenOS < 4.0.2 - Unauthenticated ADB Access via Malicious Charger
CVSS 5.9
CVE-2017-6404 MEDIUM
Veritas NetBackup < 7.6.1.2 and NetBackup Appliance < 2.6.1.2 - Incorrect Default Permissions
CVSS 5.5
CVE-2016-20029 MEDIUM
ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
CVSS 6.2
CVE-2016-6914 HIGH
UniFi Video < 3.8.0 - Local Privilege Escalation via Weak Installation Directory Permissions
CVSS 7.8
CVE-2016-5425 HIGH
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
CVSS 7.8
CVE-2016-3943 HIGH
Panda Endpoint Administration Agent <7.50.00 - Privilege Escalation
CVSS 7.8
CVE-2015-9477 HIGH
Vernissage theme 1.2.8 - Incorrect Default Permissions
CVSS 8.8
CVE-2015-9476 HIGH
Teardrop theme 1.8.1 - Incorrect Default Permissions
CVSS 8.8
CVE-2015-9475 HIGH
Pont theme 1.5 for WordPress - Incorrect Default Permissions
CVSS 8.8
CVE-2015-9474 HIGH
Simpolio 1.3.2 - Incorrect Default Permissions
CVSS 8.8