Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2018-13287 Incorrect Default Permissions vulnerability in Synology Router Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
6.5
6.5
2019-04-01 CVE-2018-13286 Incorrect Default Permissions vulnerability in Synology Diskstation Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
6.5
6.5
2018-11-27 CVE-2018-11906 Incorrect Default Permissions vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs.
local
low complexity
google CWE-276
7.8
7.8
2018-11-16 CVE-2018-9085 Incorrect Default Permissions vulnerability in multiple products
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
network
low complexity
lenovo ibm CWE-276
4.9
4.9
2018-10-11 CVE-2018-12441 Incorrect Default Permissions vulnerability in Corsair Utility Engine
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system.
local
low complexity
corsair CWE-276
7.8
7.8
2018-09-12 CVE-2018-12175 Incorrect Default Permissions vulnerability in Intel Distribution for Python 2018
Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access.
local
low complexity
intel CWE-276
7.8
7.8
2018-09-12 CVE-2018-12160 Incorrect Default Permissions vulnerability in Intel Data Migration Software 3.1
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.
local
low complexity
intel CWE-276
5.3
5.3
2018-07-24 CVE-2017-3209 Incorrect Default Permissions vulnerability in Dbpower U818A Firmware
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user.
low complexity
dbpower CWE-276
8.1
8.1
2018-07-24 CVE-2018-10604 Incorrect Default Permissions vulnerability in Selinc SEL Compass 3.0.5.1
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
network
low complexity
selinc CWE-276
8.8
8.8
2018-07-23 CVE-2018-6683 Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
low complexity
mcafee CWE-276
7.4
7.4