Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-6484 Incorrect Default Permissions vulnerability in multiple products
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
6.5
2020-05-21 CVE-2020-6483 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-276
6.5
6.5
2020-05-21 CVE-2020-6482 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian CWE-276
6.5
6.5
2020-05-21 CVE-2020-6480 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.
network
low complexity
google opensuse fedoraproject debian CWE-276
6.5
6.5
2020-05-21 CVE-2020-6476 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian CWE-276
6.5
6.5
2020-05-21 CVE-2020-6471 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject opensuse debian CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6469 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse fedoraproject CWE-276
critical
 9.6
9.6
2020-05-20 CVE-2020-13240 Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions.
network
low complexity
dolibarr CWE-276
5.4
5.4
2020-05-20 CVE-2020-11716 Incorrect Default Permissions vulnerability in Panasonic products
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions.
network
low complexity
panasonic CWE-276
critical
 9.8
9.8
2020-05-20 CVE-2020-9409 Incorrect Default Permissions vulnerability in multiple products
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems.
network
low complexity
tibco oracle CWE-276
critical
 9.8
9.8