Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2018-03-14 CVE-2018-7533 Incorrect Default Permissions vulnerability in Osisoft PI Data Archive 2017
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
local
low complexity
osisoft CWE-276
7.2
7.2
2017-12-27 CVE-2016-6914 Incorrect Default Permissions vulnerability in UI Unifi Video
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
local
low complexity
ui CWE-276
7.2
7.2
2017-11-16 CVE-2017-0847 Incorrect Default Permissions vulnerability in Google Android 8.0
An elevation of privilege vulnerability in the Android media framework (mediaanalytics).
network
low complexity
google CWE-276
7.5
7.5
2017-11-03 CVE-2017-16522 Incorrect Default Permissions vulnerability in Mitrastar Dsl-100Hn-T1 Firmware and Gpt-2541Gnac Firmware
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
network
low complexity
mitrastar CWE-276
critical
 9.0
9.0
2017-10-05 CVE-2017-1000089 Incorrect Default Permissions vulnerability in Jenkins Pipeline: Build Step
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins.
network
low complexity
jenkins CWE-276
5.0
5.0
2017-10-05 CVE-2017-1000084 Incorrect Default Permissions vulnerability in Jenkins Parameterized Trigger
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
network
low complexity
jenkins CWE-276
4.0
4.0
2017-09-29 CVE-2017-12230 Incorrect Default Permissions vulnerability in Cisco IOS XE 16.2.1
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device.
network
low complexity
cisco CWE-276
critical
 9.0
9.0
2017-09-13 CVE-2017-14427 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-13 CVE-2017-14425 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-13 CVE-2017-14424 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8