Filtered by CWE-276
Filtered by vendor Subscriptions
Total 1138 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-12763 3 Apple, Linux, Nomachine 3 Mac Os X, Linux Kernel, Nomachine 2024-11-21 N/A
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
CVE-2017-12699 1 Azeotech 1 Daqfactory 2024-11-21 N/A
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.
CVE-2017-12230 1 Cisco 1 Ios Xe 2024-11-21 N/A
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062.
CVE-2017-11741 1 Hashicorp 1 Vagrant Vmware Fusion 2024-11-21 N/A
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVE-2017-11610 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Cloudforms and 2 more 2024-11-21 N/A
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
CVE-2017-11156 1 Synology 1 Download Station 2024-11-21 N/A
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
CVE-2017-1000089 2 Jenkins, Redhat 2 Pipeline\, Openshift 2024-11-21 N/A
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
CVE-2017-1000084 1 Jenkins 1 Parameterized Trigger 2024-11-21 N/A
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
CVE-2017-0847 1 Google 1 Android 2024-11-21 N/A
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.
CVE-2017-0369 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-11-21 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
CVE-2016-6914 2 Microsoft, Ui 2 Windows, Unifi Video 2024-11-21 7.8 High
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
CVE-2016-5425 3 Apache, Oracle, Redhat 10 Tomcat, Instantis Enterprisetrack, Linux and 7 more 2024-11-21 7.8 High
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-3943 1 Watchguard 1 Panda Endpoint Administration Agent 2024-11-21 7.8 High
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
CVE-2015-9477 1 Vernissage Project 1 Vernissage 2024-11-21 8.8 High
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
CVE-2015-9476 1 Teardrop Project 1 Teardrop 2024-11-21 8.8 High
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
CVE-2015-9475 1 Pont Project 1 Pont 2024-11-21 8.8 High
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
CVE-2015-9474 1 Simpolio Project 1 Simpolio 2024-11-21 8.8 High
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
CVE-2015-7985 1 Valvesoftware 1 Steam Client 2024-11-21 N/A
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
CVE-2015-7378 1 Watchguard 1 Panda Url Filtering 2024-11-21 7.8 High
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
CVE-2014-7303 1 Hp 1 Sgi Tempo 2024-11-21 7.8 High
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.