Vulnerabilities (CVE)

CWE filter: CWE-276

63 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-2173 1 Google 1 Android 2019-10-16 4.6
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
CVE-2015-9474 1 Simpolio Project 1 Simpolio 2019-10-16 6.5
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
CVE-2015-9475 1 Pont Project 1 Pont 2019-10-16 6.5
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
CVE-2019-17124 1 Kramerav 1 Viaware 2019-10-15 10.0
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
CVE-2015-9476 1 Teardrop Project 1 Teardrop 2019-10-15 6.5
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
CVE-2015-9477 1 Vernissage Project 1 Vernissage 2019-10-15 6.5
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
CVE-2019-17383 1 Netaddr Project 1 Netaddr 2019-10-15 7.5
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
CVE-2019-3688 1 Suse 1 Suse Linux Enterprise Server 2019-10-11 6.6
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an...
CVE-2019-17365 1 Nixos 1 Nix 2019-10-11 4.6
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.
CVE-2018-8848 1 Philips 1 E-alert Firmware 2019-10-09 5.0
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
CVE-2018-7533 1 Osisoft 2 Pi Vision, Pi Data Archive 2019-10-09 7.2
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system.
CVE-2018-6683 1 Mcafee 1 Data Loss Prevention Endpoint 2019-10-09 4.6
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
CVE-2018-14650 2 Sos-collector Project, Redhat 6 Sos-collector, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-10-09 1.9
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run...
CVE-2018-13287 1 Synology 1 Router Manager 2019-10-09 4.0
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13286 1 Synology 1 Diskstation Manager 2019-10-09 4.0
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-0023 1 Juniper 1 Jsnapy 2019-10-09 2.1
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This...
CVE-2017-7968 1 Schneider-electric 1 Wonderware Indusoft Web Studio 2019-10-09 7.2
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed...
CVE-2017-16128 1 Npm-script-demo Project 1 Npm-script-demo 2019-10-09 10.0
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
CVE-2017-16127 1 Pandora-doomsday Project 1 Pandora-doomsday 2019-10-09 10.0
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
CVE-2017-12699 1 Azeotech 1 Daqfactory 2019-10-09 3.6
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.