Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2019-08-06 CVE-2019-5687 Incorrect Default Permissions vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor
local
low complexity
nvidia microsoft CWE-276
3.6
3.6
2019-07-08 CVE-2019-9630 Incorrect Default Permissions vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
network
low complexity
sonatype CWE-276
5.0
5.0
2019-06-18 CVE-2019-7588 Incorrect Default Permissions vulnerability in Exacq Enterprise System Manager 5.12.2
A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. 		6.9
6.9
2019-06-11 CVE-2019-12795 Incorrect Default Permissions vulnerability in Gnome Gvfs
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule.
local
low complexity
gnome CWE-276
7.8
7.8
2019-05-29 CVE-2019-12450 Incorrect Default Permissions vulnerability in multiple products
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.
network
low complexity
gnome debian redhat canonical opensuse fedoraproject CWE-276
critical
 9.8
9.8
2019-05-22 CVE-2018-7822 Incorrect Default Permissions vulnerability in Schneider-Electric Modicon M221 Firmware and Somachine Basic
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.
local
low complexity
schneider-electric CWE-276
2.1
2.1
2019-04-09 CVE-2019-3870 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.
local
low complexity
samba fedoraproject synology CWE-276
6.1
6.1
2019-04-09 CVE-2019-0683 Incorrect Default Permissions vulnerability in Microsoft Windows 7 and Windows Server 2008
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.
network
microsoft CWE-276
4.3
4.3
2019-04-01 CVE-2018-13287 Incorrect Default Permissions vulnerability in Synology Router Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
4.0
4.0
2019-04-01 CVE-2018-13286 Incorrect Default Permissions vulnerability in Synology Diskstation Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
4.0
4.0