Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-21 | CVE-2020-6482 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 6.5 |
| 2020-05-21 | CVE-2020-6480 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. | 6.5 |
| 2020-05-21 | CVE-2020-6476 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 6.5 |
| 2020-05-21 | CVE-2020-6471 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
| 2020-05-21 | CVE-2020-6469 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
| 2020-05-20 | CVE-2020-13240 | Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4 The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. | 5.4 |
| 2020-05-20 | CVE-2020-11716 | Incorrect Default Permissions vulnerability in Panasonic products Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. | 9.8 |
| 2020-05-20 | CVE-2020-9409 | Incorrect Default Permissions vulnerability in multiple products The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. | 9.8 |
| 2020-05-18 | CVE-2020-13149 | Incorrect Default Permissions vulnerability in MSI Dragon Center Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. | 7.8 |
| 2020-05-15 | CVE-2020-12834 | Incorrect Default Permissions vulnerability in Eq-3 Ccu3 Firmware and Homematic Ccu2 Firmware eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). | 9.8 |