Vulnerabilities > Incorrect Default Permissions

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-10-23 | CVE-2019-14718 | Incorrect Default Permissions vulnerability in Verifone Mx900 Firmware 30251000 | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | local | low | verifone | CWE-276 | 6.7 |
| 2020-10-22 | CVE-2020-27665 | Incorrect Default Permissions vulnerability in Strapi | In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | network | low | strapi | CWE-276 | 7.5 |
| 2020-10-21 | CVE-2020-17381 | Incorrect Default Permissions vulnerability in Ghisler Total Commander 9.51 | An issue was discovered in Ghisler Total Commander 9.51. | local | low | ghisler | CWE-276 | 7.3 |
| 2020-09-24 | CVE-2020-15843 | Incorrect Default Permissions vulnerability in Actfax 7.10 | ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on `%PROGRAMFILES%\ActiveFax\Client\`, `%PROGRAMFILES%\ActiveFax\Install\` and `%PROGRAMFILES%\ActiveFax\Terminal\`. | local | low | actfax | CWE-276 | 7.3 |
| 2020-09-24 | CVE-2020-15850 | Incorrect Default Permissions vulnerability in Nakivo Backup & Replication Director 9.4.0.R43656 | Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. | local | low | nakivo | CWE-276 | 7.8 |
| 2020-09-24 | CVE-2020-26088 | Incorrect Default Permissions vulnerability in multiple products | A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | local | low | linux, debian, opensuse, canonical | CWE-276 | 5.5 |
| 2020-09-18 | CVE-2020-0294 | Incorrect Default Permissions vulnerability in Google Android 11.0 | In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. | local | low | google | CWE-276 | 5.5 |
| 2020-09-17 | CVE-2020-0374 | Incorrect Default Permissions vulnerability in Google Android 11.0 | In NFC, there is a possible permission bypass due to an unsafe PendingIntent. | local | low | google | CWE-276 | 7.8 |
| 2020-09-17 | CVE-2020-0275 | Incorrect Default Permissions vulnerability in Google Android 11.0 | In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. | local | low | google | CWE-276 | 7.8 |
| 2020-09-17 | CVE-2020-0390 | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0 | In the app zygote SE Policy, there is a possible permissions bypass. | local | low | google | CWE-276 | 5.5 |