Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2019-05-29 CVE-2019-12450 Incorrect Default Permissions vulnerability in multiple products
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.
network
low complexity
gnome debian redhat canonical opensuse fedoraproject CWE-276
critical
 9.8
9.8
2019-05-22 CVE-2018-7822 Incorrect Default Permissions vulnerability in Schneider-Electric Modicon M221 Firmware and Somachine Basic
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.
local
low complexity
schneider-electric CWE-276
2.1
2.1
2019-04-09 CVE-2019-3870 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.
local
low complexity
samba fedoraproject synology CWE-276
6.1
6.1
2019-04-09 CVE-2019-0683 Incorrect Default Permissions vulnerability in Microsoft Windows 7 and Windows Server 2008
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.
network
microsoft CWE-276
4.3
4.3
2019-04-01 CVE-2018-13287 Incorrect Default Permissions vulnerability in Synology Router Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
4.0
4.0
2019-04-01 CVE-2018-13286 Incorrect Default Permissions vulnerability in Synology Diskstation Manager
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
network
low complexity
synology CWE-276
4.0
4.0
2018-11-27 CVE-2018-11906 Incorrect Default Permissions vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs.
local
low complexity
google CWE-276
7.2
7.2
2018-11-16 CVE-2018-9085 Incorrect Default Permissions vulnerability in multiple products
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
network
low complexity
lenovo ibm CWE-276
4.0
4.0
2018-10-11 CVE-2018-12441 Incorrect Default Permissions vulnerability in Corsair Utility Engine
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system.
local
low complexity
corsair CWE-276
7.2
7.2
2018-09-26 CVE-2018-8848 Incorrect Default Permissions vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-276
5.0
5.0