Vulnerabilities > Incorrect Default Permissions

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-05	CVE-2020-13537	Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. local low complexity moxa CWE-276	7.8
2020-11-05	CVE-2020-13536	Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. local low complexity moxa CWE-276	7.8
2020-11-02	CVE-2020-28044	Incorrect Default Permissions vulnerability in PAX Prolinos 2.4.161.8859R An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. low complexity pax CWE-276	6.8
2020-11-02	CVE-2020-28041	Incorrect Default Permissions vulnerability in Netgear Nighthawk R7000 Firmware 1.0.9.6410.2.64 The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. network low complexity netgear CWE-276	6.5
2020-11-02	CVE-2020-27358	Incorrect Default Permissions vulnerability in Vanderbilt Redcap An issue was discovered in REDCap 8.11.6 through 9.x before 10. network low complexity vanderbilt CWE-276	4.3
2020-10-27	CVE-2019-8777	Incorrect Default Permissions vulnerability in Apple mac OS X A lock screen issue allowed access to contacts on a locked device. low complexity apple CWE-276	2.4
2020-10-23	CVE-2019-14718	Incorrect Default Permissions vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. local low complexity verifone CWE-276	6.7
2020-10-22	CVE-2020-27665	Incorrect Default Permissions vulnerability in Strapi In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. network low complexity strapi CWE-276	7.5
2020-10-21	CVE-2020-17381	Incorrect Default Permissions vulnerability in Ghisler Total Commander 9.51 An issue was discovered in Ghisler Total Commander 9.51. local low complexity ghisler CWE-276	7.3
2020-09-24	CVE-2020-15843	Incorrect Default Permissions vulnerability in Actfax 7.10 ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. local low complexity actfax CWE-276	7.3