Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-28044 Incorrect Default Permissions vulnerability in PAX Prolinos 2.4.161.8859R
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.
low complexity
pax CWE-276
6.8
6.8
2020-11-02 CVE-2020-28041 Incorrect Default Permissions vulnerability in Netgear Nighthawk R7000 Firmware 1.0.9.6410.2.64
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming.
network
low complexity
netgear CWE-276
6.5
6.5
2020-11-02 CVE-2020-27358 Incorrect Default Permissions vulnerability in Vanderbilt Redcap
An issue was discovered in REDCap 8.11.6 through 9.x before 10.
network
low complexity
vanderbilt CWE-276
4.3
4.3
2020-10-27 CVE-2019-8777 Incorrect Default Permissions vulnerability in Apple mac OS X
A lock screen issue allowed access to contacts on a locked device.
low complexity
apple CWE-276
2.4
2.4
2020-10-23 CVE-2019-14718 Incorrect Default Permissions vulnerability in Verifone Mx900 Firmware 30251000
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
local
low complexity
verifone CWE-276
6.7
6.7
2020-10-22 CVE-2020-27665 Incorrect Default Permissions vulnerability in Strapi
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.
network
low complexity
strapi CWE-276
7.5
7.5
2020-10-21 CVE-2020-17381 Incorrect Default Permissions vulnerability in Ghisler Total Commander 9.51
An issue was discovered in Ghisler Total Commander 9.51.
local
low complexity
ghisler CWE-276
7.3
7.3
2020-09-24 CVE-2020-15843 Incorrect Default Permissions vulnerability in Actfax 7.10
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\.
local
low complexity
actfax CWE-276
7.3
7.3
2020-09-24 CVE-2020-15850 Incorrect Default Permissions vulnerability in Nakivo Backup & Replication Director 9.4.0.R43656
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges.
local
low complexity
nakivo CWE-276
7.8
7.8
2020-09-24 CVE-2020-26088 Incorrect Default Permissions vulnerability in multiple products
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
local
low complexity
linux debian opensuse canonical CWE-276
5.5
5.5