Vulnerabilities (CVE)

Filtered by CWE-276
Total 1333 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12763 3 Apple, Linux, Nomachine 3 Mac Os X, Linux Kernel, Nomachine 2025-04-20 9.0 HIGH 8.8 HIGH
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
CVE-2017-1000089 1 Jenkins 1 Pipeline\ 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
CVE-2017-14424 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
CVE-2017-16522 1 Mitrastar 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more 2025-04-20 9.0 HIGH 8.8 HIGH
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
CVE-2017-5686 1 Intel 4 Nuc6i3syh Bios, Nuc6i3syk, Nuc6i3syk Bios and 1 more 2025-04-20 2.1 LOW 3.9 LOW
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-4975 1 Pivotal 1 Pcf Tile Generator 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.
CVE-2016-6914 2 Microsoft, Ui 2 Windows, Unifi Video 2025-04-20 7.2 HIGH 7.8 HIGH
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
CVE-2017-12699 1 Azeotech 1 Daqfactory 2025-04-20 3.6 LOW 7.1 HIGH
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.
CVE-2017-12230 1 Cisco 1 Ios Xe 2025-04-20 9.0 HIGH 8.8 HIGH
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062.
CVE-2017-11741 1 Hashicorp 1 Vagrant Vmware Fusion 2025-04-20 7.2 HIGH 8.8 HIGH
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVE-2017-11156 1 Synology 1 Download Station 2025-04-20 6.5 MEDIUM 7.8 HIGH
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
CVE-2017-5622 1 Oneplus 3 Oneplus 3, Oneplus 3t, Oxygenos 2025-04-20 3.6 LOW 5.9 MEDIUM
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.
CVE-2017-5685 1 Intel 2 Nuc6i7kyk, Nuc6i7kyk Bios 2025-04-20 2.1 LOW 3.9 LOW
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-11610 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Cloudforms and 1 more 2025-04-20 9.0 HIGH 8.8 HIGH
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
CVE-2017-1382 1 Ibm 1 Websphere Application Server 2025-04-20 3.6 LOW 7.1 HIGH
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.
CVE-2017-7968 1 Schneider-electric 1 Wonderware Indusoft Web Studio 2025-04-20 7.2 HIGH 7.8 HIGH
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.
CVE-2017-1000084 1 Jenkins 1 Parameterized Trigger 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
CVE-2022-48685 1 Logpoint 1 Siem 2025-04-18 N/A 7.7 HIGH
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation.
CVE-2024-34221 1 Oretnom23 1 Human Resource Management System 2025-04-18 N/A 8.8 HIGH
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVE-2024-34223 1 Oretnom23 1 Human Resource Management System 2025-04-18 N/A 4.3 MEDIUM
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.