Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-08 | CVE-2021-21436 | Incorrect Default Permissions vulnerability in Otrs CIS in Customer Frontend 7.0.0/7.0.14. Agents are able to see and link Config Items without permissions, which are defined in General Catalog. | 4.3 |
2021-02-03 | CVE-2020-29582 | Incorrect Default Permissions vulnerability in multiple products. In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. | 5.3 |
2021-02-03 | CVE-2020-25208 | Incorrect Default Permissions vulnerability in Jetbrains Youtrack. In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | 5.3 |
2021-02-01 | CVE-2019-20468 | Incorrect Default Permissions vulnerability in Tk-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656. An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. | 9.8 |
2021-01-26 | CVE-2020-26941 | Incorrect Default Permissions vulnerability in Eset products. A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. | 5.5 |
2021-01-19 | CVE-2020-11997 | Incorrect Default Permissions vulnerability in Apache Guacamole. Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. | 4.3 |
2021-01-11 | CVE-2020-13922 | Incorrect Default Permissions vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1/1.3.1. Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. | 6.5 |
2021-01-08 | CVE-2021-1056 | Incorrect Default Permissions vulnerability in multiple products. NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | 7.1 |
2021-01-07 | CVE-2020-13452 | Incorrect Default Permissions vulnerability in Thecodingmachine Gotenberg. In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | 9.8 |
2021-01-05 | CVE-2020-13541 | Incorrect Default Permissions vulnerability in Win911 Mobile-911 Server 2.5. An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. | 8.8 |