Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-1157 2Fedoraproject Moodle 2Fedora Moodle Nov 21, 2024 Nov 14, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default
CVE-2010-5108 2Debian Edgewall 2Debian Linux Trac Nov 21, 2024 Nov 13, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
CVE-2019-4652 1Ibm 1Spectrum Protect Plus Nov 21, 2024 Nov 12, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions....Show more IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.Show less
CVE-2013-1425 2Debian Ldap Git Backup Project 2Debian Linux Ldap Git Backup Nov 21, 2024 Nov 7, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.
CVE-2019-1982 1Cisco 3Firepower Services Software For Asa Firepower Threat DefenseSecure Firewall Management Center Nov 26, 2024 Nov 5, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated...Show more A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked.Show less
CVE-2019-12752 1Symantec 1Sonar Nov 21, 2024 Nov 1, 2019 N/A· v4 6.1 MEDIUM· v3 4.1 MEDIUM· v2 The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident...Show more The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system.Show less
CVE-2019-18369 1Jetbrains 1Youtrack Nov 21, 2024 Oct 31, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
CVE-2019-18367 1Jetbrains 1Teamcity Nov 21, 2024 Oct 31, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVE-2019-18366 1Jetbrains 1Teamcity Nov 21, 2024 Oct 31, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVE-2012-5577 2Debian Python 2Debian Linux Keyring Nov 21, 2024 Oct 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Python keyring lib before 0.10 created keyring files with world-readable permissions.
CVE-2019-14925 2Inea Mitsubishielectric 2Me Rtu Firmware Smartrtu Firmware Nov 21, 2024 Oct 28, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an...Show more An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.Show less
CVE-2019-10474 1Jenkins 1Global Post Script Nov 21, 2024 Oct 23, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.
CVE-2019-10473 1Jenkins 1Libvirt Slaves Nov 21, 2024 Oct 23, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10472 1Jenkins 1Libvirt Slaves Nov 21, 2024 Oct 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another m...Show more A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2019-10470 1Jenkins 1Kubernetes Ci Nov 21, 2024 Oct 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10469 1Jenkins 1Kubernetes Ci Nov 21, 2024 Oct 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained thr...Show more A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2019-10465 1Jenkins 1Deploy Weblogic Nov 21, 2024 Oct 23, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or dire...Show more A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.Show less
CVE-2019-10463 1Jenkins 1Dynatrace Application Monitoring Nov 21, 2024 Oct 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-16919 2Linuxfoundation Vmware 3Cloud Foundation HarborHarbor Container Registry Nov 21, 2024 Oct 18, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project the...Show more Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.Show less
CVE-2019-15962 1Cisco 1Telepresence Collaboration Endpoint Nov 21, 2024 Oct 16, 2019 N/A· v4 4.4 MEDIUM· v3 6.6 MEDIUM· v2 A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to...Show more A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.Show less

Previous 1...697071...76 Next