Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-2191 Incorrect Default Permissions vulnerability in Jenkins Self-Organizing Swarm Modules
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
network
low complexity
jenkins CWE-276
4.3
2020-05-21 CVE-2017-18868 Incorrect Default Permissions vulnerability in Digi Xbee 2 Firmware
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.
network
low complexity
digi CWE-276
7.7
2020-05-21 CVE-2020-6488 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-276
4.3
2020-05-21 CVE-2020-6487 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
2020-05-21 CVE-2020-6484 Incorrect Default Permissions vulnerability in multiple products
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
2020-05-21 CVE-2020-6483 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
2020-05-21 CVE-2020-6482 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian CWE-276
6.5
2020-05-21 CVE-2020-6480 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.
network
low complexity
google opensuse fedoraproject debian CWE-276
6.5
2020-05-21 CVE-2020-6476 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian CWE-276
6.5
2020-05-21 CVE-2020-6471 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject opensuse debian CWE-276
critical
9.6