Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2018-09-12 CVE-2018-12175 Incorrect Default Permissions vulnerability in Intel Distribution for Python 2018
Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access.
local
low complexity
intel CWE-276
7.8
2018-09-12 CVE-2018-12160 Incorrect Default Permissions vulnerability in Intel Data Migration Software 3.1
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.
local
low complexity
intel CWE-276
5.3
2018-07-24 CVE-2017-3209 Incorrect Default Permissions vulnerability in Dbpower U818A Firmware
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user.
low complexity
dbpower CWE-276
8.1
2018-07-24 CVE-2018-10604 Incorrect Default Permissions vulnerability in Selinc SEL Compass 3.0.5.1
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
network
low complexity
selinc CWE-276
8.8
2018-07-23 CVE-2018-6683 Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
low complexity
mcafee CWE-276
7.4
2018-07-13 CVE-2018-7535 Incorrect Default Permissions vulnerability in Totalav 4.1.7/4.6.19
An issue was discovered in TotalAV v4.1.7.
local
low complexity
totalav CWE-276
7.8
2018-06-11 CVE-2017-7794 Incorrect Default Permissions vulnerability in Mozilla Firefox
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
local
low complexity
mozilla CWE-276
7.8
2018-06-11 CVE-2017-7761 Incorrect Default Permissions vulnerability in Mozilla Firefox
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users.
local
low complexity
mozilla CWE-276
5.5
2018-06-07 CVE-2017-16128 Incorrect Default Permissions vulnerability in Npm-Script-Demo Project Npm-Script-Demo 0.0.1
The module npm-script-demo opened a connection to a command and control server.
network
low complexity
npm-script-demo-project CWE-276
critical
9.8
2018-06-07 CVE-2017-16127 Incorrect Default Permissions vulnerability in Pandora-Doomsday Project Pandora-Doomsday 0.0.1
The module pandora-doomsday infects other modules.
network
low complexity
pandora-doomsday-project CWE-276
critical
9.8