Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2021-05-05 CVE-2021-25317 A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. 0.0
2021-05-05 CVE-2021-25319 A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. 0.0
2021-04-27 CVE-2021-3451 Incorrect Default Permissions vulnerability in Lenovo Pcmanager 3.0.200.2042/3.0.50.9162
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.
local
low complexity
lenovo CWE-276
2.1
2021-04-26 CVE-2021-20532 Incorrect Default Permissions vulnerability in IBM products
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions.
local
low complexity
ibm CWE-276
7.2
2021-04-22 CVE-2021-0246 Incorrect Default Permissions vulnerability in Juniper Junos 18.3/18.4/19.1
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider.
local
low complexity
juniper CWE-276
4.6
2021-04-22 CVE-2021-0235 Incorrect Default Permissions vulnerability in Juniper Junos
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider.
local
low complexity
juniper CWE-276
4.6
2021-04-21 CVE-2020-27569 Incorrect Default Permissions vulnerability in Aviatrix Openvpn
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier.
network
low complexity
aviatrix CWE-276
5.0
2021-04-21 CVE-2020-27568 Incorrect Default Permissions vulnerability in Aviatrix Controller 5.3.1516
Insecure File Permissions exist in Aviatrix Controller 5.3.1516.
network
low complexity
aviatrix CWE-276
5.0
2021-04-13 CVE-2021-0428 Incorrect Default Permissions vulnerability in Google Android 10.0
In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check.
local
low complexity
google CWE-276
2.1
2021-04-13 CVE-2020-27228 Incorrect Default Permissions vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3.
6.8