Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-28906 | Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. | 8.8 |
| 2021-05-17 | CVE-2020-13667 | Incorrect Default Permissions vulnerability in Drupal Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. | 5.3 |
| 2021-05-17 | CVE-2021-29052 | Incorrect Default Permissions vulnerability in Liferay DXP and Liferay Portal The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls. | 4.3 |
| 2021-05-13 | CVE-2020-21342 | Incorrect Default Permissions vulnerability in Zzcms 201910 Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | 7.5 |
| 2021-05-12 | CVE-2021-28649 | Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063/5.3.1179 An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. | 7.3 |
| 2021-05-12 | CVE-2021-31519 | Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063/5.3.1179 An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. | 7.3 |
| 2021-05-05 | CVE-2021-25317 | Incorrect Default Permissions vulnerability in multiple products A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. | 3.3 |
| 2021-05-05 | CVE-2021-25319 | Incorrect Default Permissions vulnerability in Opensuse Factory A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. | 7.8 |
| 2021-05-04 | CVE-2021-26804 | Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2 Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. | 6.5 |
| 2021-04-27 | CVE-2021-3451 | Incorrect Default Permissions vulnerability in Lenovo Pcmanager A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. | 5.5 |