Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-10 | CVE-2020-26809 | Incorrect Default Permissions vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. | 5.0 |
2020-11-10 | CVE-2020-26807 | Incorrect Default Permissions vulnerability in SAP ERP Client for E-Bilanz 1.0 SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder. | 2.1 |
2020-11-10 | CVE-2020-0453 | Incorrect Default Permissions vulnerability in Google Android 8.0/8.1/9.0 In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. | 2.1 |
2020-11-10 | CVE-2020-0448 | Incorrect Default Permissions vulnerability in Google Android In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. | 2.1 |
2020-11-09 | CVE-2020-24402 | Incorrect Default Permissions vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. | 5.5 |
2020-11-05 | CVE-2020-13537 | Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. | 7.2 |
2020-11-05 | CVE-2020-13536 | Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. | 7.2 |
2020-11-02 | CVE-2020-28044 | Incorrect Default Permissions vulnerability in PAX Prolinos An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. | 7.2 |
2020-11-02 | CVE-2020-28041 | Incorrect Default Permissions vulnerability in Netgear Nighthawk R7000 Firmware 1.0.9.6410.2.64 The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. | 6.5 |
2020-11-02 | CVE-2020-27358 | Incorrect Default Permissions vulnerability in Vanderbilt Redcap An issue was discovered in REDCap 8.11.6 through 9.x before 10. | 4.0 |