Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2021-25355 Incorrect Default Permissions vulnerability in Samsung Notes 2.0.02.31
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
local
low complexity
samsung CWE-276
4.6
2021-03-22 CVE-2021-22311 Incorrect Default Permissions vulnerability in Huawei Manageone 8.0.0/8.0.1
There is an improper permission assignment vulnerability in Huawei ManageOne product.
network
low complexity
huawei CWE-276
6.5
2021-03-22 CVE-2021-21438 Incorrect Default Permissions vulnerability in Otrs FAQ and Otrs
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category).
network
low complexity
otrs CWE-276
4.0
2021-03-11 CVE-2020-4976 Incorrect Default Permissions vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions.
local
low complexity
ibm netapp CWE-276
3.6
2021-03-10 CVE-2021-0381 Incorrect Default Permissions vulnerability in Google Android 11.0
In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent.
local
low complexity
google CWE-276
2.1
2021-03-09 CVE-2020-8357 Incorrect Default Permissions vulnerability in Lenovo Pcmanager 3.0.50.9162
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
local
low complexity
lenovo CWE-276
2.1
2021-03-04 CVE-2021-25344 Incorrect Default Permissions vulnerability in Google Android 10.0/11.0
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
local
low complexity
google CWE-276
2.1
2021-03-04 CVE-2021-24032 Incorrect Default Permissions vulnerability in Facebook Zstandard 1.4.1/1.4.2
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards.
1.9
2021-03-04 CVE-2021-24031 Incorrect Default Permissions vulnerability in Facebook Zstandard
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions.
local
low complexity
facebook CWE-276
2.1
2021-03-03 CVE-2020-13554 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
7.8