Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2021-05-25 CVE-2020-13599 Incorrect Default Permissions vulnerability in Zephyrproject Zephyr
Security problem with settings and littlefs.
local
low complexity
zephyrproject CWE-276
3.3
3.3
2021-05-25 CVE-2020-9450 Incorrect Default Permissions vulnerability in Acronis True Image 2020 24.5.22510
An issue was discovered in Acronis True Image 2020 24.5.22510.
local
low complexity
acronis CWE-276
7.8
7.8
2021-05-25 CVE-2020-9451 Incorrect Default Permissions vulnerability in Acronis True Image 2020 24.5.22510
An issue was discovered in Acronis True Image 2020 24.5.22510.
local
low complexity
acronis CWE-276
5.5
5.5
2021-05-24 CVE-2020-28906 Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root.
network
low complexity
nagios CWE-276
8.8
8.8
2021-05-17 CVE-2020-13667 Incorrect Default Permissions vulnerability in Drupal
Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions.
network
low complexity
drupal CWE-276
5.3
5.3
2021-05-17 CVE-2021-29052 Incorrect Default Permissions vulnerability in Liferay DXP and Liferay Portal
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
network
low complexity
liferay CWE-276
4.3
4.3
2021-05-13 CVE-2020-21342 Incorrect Default Permissions vulnerability in Zzcms 201910
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.
network
low complexity
zzcms CWE-276
7.5
7.5
2021-05-12 CVE-2021-28649 Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063/5.3.1179
An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.
local
low complexity
trendmicro CWE-276
7.3
7.3
2021-05-12 CVE-2021-31519 Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063/5.3.1179
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.
local
low complexity
trendmicro CWE-276
7.3
7.3
2021-05-04 CVE-2021-26804 Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
network
low complexity
centreon CWE-276
6.5
6.5