Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2021-25358 Incorrect Default Permissions vulnerability in Google Android 10.0/9.0
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.
local
low complexity
google CWE-276
3.3
3.3
2021-04-09 CVE-2020-13534 Incorrect Default Permissions vulnerability in Dreamreport Dream Report 5R202
A privilege escalation vulnerability exists in Dream Report 5 R20-2.
local
low complexity
dreamreport CWE-276
7.8
7.8
2021-04-09 CVE-2020-13533 Incorrect Default Permissions vulnerability in Dreamreport Dream Report 5R202
A privilege escalation vulnerability exists in Dream Report 5 R20-2.
local
low complexity
dreamreport CWE-276
7.8
7.8
2021-04-09 CVE-2020-13532 Incorrect Default Permissions vulnerability in Dreamreport Dream Report 5R202
A privilege escalation vulnerability exists in Dream Report 5 R20-2.
local
low complexity
dreamreport CWE-276
7.8
7.8
2021-03-31 CVE-2021-22538 Incorrect Default Permissions vulnerability in Google Exposure Notifications Verification Server
A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own.
network
low complexity
google CWE-276
8.8
8.8
2021-03-25 CVE-2021-27193 Incorrect Default Permissions vulnerability in Netop Vision PRO
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation.
network
low complexity
netop CWE-276
critical
 9.8
9.8
2021-03-25 CVE-2021-25355 Incorrect Default Permissions vulnerability in Samsung Notes 2.0.02.31
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
local
low complexity
samsung CWE-276
7.8
7.8
2021-03-22 CVE-2021-22311 Incorrect Default Permissions vulnerability in Huawei Manageone 8.0.0/8.0.1
There is an improper permission assignment vulnerability in Huawei ManageOne product.
network
low complexity
huawei CWE-276
7.2
7.2
2021-03-22 CVE-2021-21438 Incorrect Default Permissions vulnerability in Otrs FAQ and Otrs
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category).
network
low complexity
otrs CWE-276
4.3
4.3
2021-03-11 CVE-2020-4976 Incorrect Default Permissions vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions.
local
low complexity
ibm netapp CWE-276
4.4
4.4