Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-06-07 | CVE-2020-13894 | Incorrect Default Permissions vulnerability in Dext5 2.7.1402870/3.5.1402961 | handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field. | 7.5 |
2020-06-05 | CVE-2020-13867 | Incorrect Default Permissions vulnerability in multiple products | Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | 5.5 |
2020-06-03 | CVE-2020-6504 | Incorrect Default Permissions vulnerability in Google Chrome | Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. | 4.3 |
2020-06-03 | CVE-2020-6502 | Incorrect Default Permissions vulnerability in Google Chrome | Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2020-06-03 | CVE-2020-6501 | Incorrect Default Permissions vulnerability in Google Chrome | Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
2020-06-03 | CVE-2020-6498 | Incorrect Default Permissions vulnerability in multiple products | Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
2020-06-03 | CVE-2020-6497 | Incorrect Default Permissions vulnerability in multiple products | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | 6.5 |
2020-06-03 | CVE-2020-6495 | Incorrect Default Permissions vulnerability in multiple products | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 6.5 |
2020-06-03 | CVE-2020-2197 | Incorrect Default Permissions vulnerability in Jenkins Project Inheritance | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | 4.3 |