Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2017-10-05 CVE-2017-1000089 Incorrect Default Permissions vulnerability in Jenkins Pipeline: Build Step
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins.
network
low complexity
jenkins CWE-276
5.3
5.3
2017-10-05 CVE-2017-1000084 Incorrect Default Permissions vulnerability in Jenkins Parameterized Trigger
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
network
low complexity
jenkins CWE-276
6.5
6.5
2017-09-29 CVE-2017-12230 Incorrect Default Permissions vulnerability in Cisco IOS XE 16.2.1
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device.
network
low complexity
cisco CWE-276
8.8
8.8
2017-09-13 CVE-2017-14427 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-13 CVE-2017-14425 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-13 CVE-2017-14424 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-09 CVE-2017-12699 Incorrect Default Permissions vulnerability in Azeotech Daqfactory
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1.
local
low complexity
azeotech CWE-276
7.1
7.1
2017-08-29 CVE-2017-12763 Incorrect Default Permissions vulnerability in Nomachine
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
network
low complexity
nomachine CWE-276
8.8
8.8
2017-08-23 CVE-2017-11610 Incorrect Default Permissions vulnerability in multiple products
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
network
low complexity
supervisord fedoraproject debian redhat CWE-276
8.8
8.8
2017-08-08 CVE-2017-8625 Incorrect Default Permissions vulnerability in Microsoft Internet Explorer 11
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".
network
low complexity
microsoft CWE-276
8.8
8.8