Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-18 | CVE-2016-3943 | Incorrect Default Permissions vulnerability in Watchguard Panda Endpoint Administration Agent 7.49 Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | 7.2 |
| 2016-04-18 | CVE-2015-7378 | Incorrect Default Permissions vulnerability in Watchguard Panda URL Filtering 4.3.1.8 Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | 7.2 |
| 2015-11-24 | CVE-2015-7985 | Incorrect Default Permissions vulnerability in Valvesoftware Steam Client 2.10.91.91 Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | 7.2 |
| 2013-10-28 | CVE-2013-4394 | Incorrect Default Permissions vulnerability in multiple products The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | 5.9 |
| 2011-05-03 | CVE-2011-1435 | Incorrect Default Permissions vulnerability in Google Chrome Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension. | 5.0 |
| 2010-12-07 | CVE-2010-4176 | Incorrect Default Permissions vulnerability in multiple products plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | 4.0 |
| 2005-06-08 | CVE-2005-1941 | Incorrect Default Permissions vulnerability in Silvercity Project Silvercity SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | 7.8 |
| 2004-12-22 | CVE-2004-1778 | Incorrect Default Permissions vulnerability in Skype 0.92.0.12/1.0.0.1 Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks. | 4.6 |
| 2002-12-31 | CVE-2002-1844 | Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3 Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | 7.8 |
| 2002-12-31 | CVE-2002-1713 | Incorrect Default Permissions vulnerability in Mandrakesoft Mandrake Linux 8.2 The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | 5.5 |