Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-10 | CVE-2020-0121 | Incorrect Default Permissions vulnerability in Google Android 10.0 In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. | 2.1 |
2020-06-10 | CVE-2020-0116 | Incorrect Default Permissions vulnerability in Google Android 10.0 In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. | 4.9 |
2020-06-09 | CVE-2020-9817 | Incorrect Default Permissions vulnerability in Apple mac OS X A permissions issue existed. | 9.3 |
2020-06-08 | CVE-2020-13885 | Incorrect Default Permissions vulnerability in Citrix Workspace APP 1909/1911/2002 Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. | 7.2 |
2020-06-08 | CVE-2020-13884 | Incorrect Default Permissions vulnerability in Citrix Workspace APP 1909/1911/2002 Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. | 7.2 |
2020-06-08 | CVE-2020-8954 | Incorrect Default Permissions vulnerability in Openbrowser Project Openbrowser 1.0.4.9 OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated] | 5.8 |
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-06-08 | CVE-2020-13866 | Incorrect Default Permissions vulnerability in Qbik Wingate 9.4.1.5998 WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | 7.2 |
2020-06-07 | CVE-2020-13894 | Incorrect Default Permissions vulnerability in Dext5 2.7.1402870/3.5.1402961 handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field. | 5.0 |
2020-06-05 | CVE-2020-13867 | Incorrect Default Permissions vulnerability in multiple products Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | 5.5 |