Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2017-09-13 CVE-2017-14425 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-13 CVE-2017-14424 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-09 CVE-2017-12699 Incorrect Default Permissions vulnerability in Azeotech Daqfactory
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1.
local
low complexity
azeotech CWE-276
7.1
7.1
2017-08-29 CVE-2017-12763 Incorrect Default Permissions vulnerability in Nomachine
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
network
low complexity
nomachine CWE-276
8.8
8.8
2017-08-23 CVE-2017-11610 Incorrect Default Permissions vulnerability in multiple products
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
network
low complexity
supervisord fedoraproject debian redhat CWE-276
8.8
8.8
2017-08-08 CVE-2017-8625 Incorrect Default Permissions vulnerability in Microsoft Internet Explorer 11
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".
network
low complexity
microsoft CWE-276
8.8
8.8
2017-08-08 CVE-2017-11741 Incorrect Default Permissions vulnerability in Hashicorp Vagrant VMWare Fusion
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
local
low complexity
hashicorp CWE-276
8.8
8.8
2017-07-24 CVE-2017-1382 Incorrect Default Permissions vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used.
local
low complexity
ibm CWE-276
7.1
7.1
2017-06-15 CVE-2017-9505 Incorrect Default Permissions vulnerability in Atlassian Confluence
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments.
network
low complexity
atlassian CWE-276
4.3
4.3
2017-06-13 CVE-2017-4975 Incorrect Default Permissions vulnerability in Pivotal PCF Tile Generator 5.0.7
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0.
network
low complexity
pivotal CWE-276
7.5
7.5