Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-6498 Incorrect Default Permissions vulnerability in multiple products
Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian CWE-276
6.5
6.5
2020-06-03 CVE-2020-6497 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI.
network
low complexity
google debian CWE-276
6.5
6.5
2020-06-03 CVE-2020-6495 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse CWE-276
6.5
6.5
2020-06-03 CVE-2020-2197 Incorrect Default Permissions vulnerability in Jenkins Project Inheritance
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
network
low complexity
jenkins CWE-276
4.3
4.3
2020-06-03 CVE-2020-2191 Incorrect Default Permissions vulnerability in Jenkins Self-Organizing Swarm Modules
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
network
low complexity
jenkins CWE-276
4.3
4.3
2020-05-21 CVE-2017-18868 Incorrect Default Permissions vulnerability in Digi Xbee 2 Firmware
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.
network
low complexity
digi CWE-276
7.7
7.7
2020-05-21 CVE-2020-6488 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-276
4.3
4.3
2020-05-21 CVE-2020-6487 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
6.5
2020-05-21 CVE-2020-6484 Incorrect Default Permissions vulnerability in multiple products
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
6.5
2020-05-21 CVE-2020-6483 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
6.5