Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-0441 Incorrect Default Permissions vulnerability in Google Android 11.0
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI.
local
google CWE-276
4.4
2021-07-14 CVE-2021-0486 Incorrect Default Permissions vulnerability in Google Android 10.0/11.0
In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass.
local
low complexity
google CWE-276
4.6
2021-07-14 CVE-2021-0588 Incorrect Default Permissions vulnerability in Google Android 8.1/9.0
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check.
local
low complexity
google CWE-276
4.9
2021-07-14 CVE-2021-0590 Incorrect Default Permissions vulnerability in Google Android
In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check.
local
low complexity
google CWE-276
4.9
2021-07-14 CVE-2021-0603 Incorrect Default Permissions vulnerability in Google Android 11.0
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack.
local
google CWE-276
4.4
2021-07-14 CVE-2021-0654 Incorrect Default Permissions vulnerability in Google Android
In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check.
network
google CWE-276
4.3
2021-07-13 CVE-2021-31217 Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
network
low complexity
solarwinds CWE-276
critical
9.4
2021-07-12 CVE-2021-32725 Incorrect Default Permissions vulnerability in Nextcloud Server
Nextcloud Server is a Nextcloud package that handles data storage.
network
low complexity
nextcloud CWE-276
5.0
2021-07-09 CVE-2021-33214 Incorrect Default Permissions vulnerability in Hms-Networks Ecatcher
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
6.0
2021-07-07 CVE-2021-26274 Incorrect Default Permissions vulnerability in Ninjarmm 5.0.909
The Agent in NinjaRMM 5.0.909 has Insecure Permissions.
local
low complexity
ninjarmm CWE-276
3.6