Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-12608 | Incorrect Default Permissions vulnerability in Solarwinds Managed Service Provider Patch Management Engine An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. | 7.8 |
| 2020-05-06 | CVE-2020-2183 | Incorrect Default Permissions vulnerability in Jenkins Copy Artifact Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | 6.5 |
| 2020-05-04 | CVE-2020-8018 | Incorrect Default Permissions vulnerability in Suse Linux Enterprise Desktop 15 A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions; | 7.8 |
| 2020-04-30 | CVE-2020-12101 | Incorrect Default Permissions vulnerability in Xt-Commerce The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address. | 4.3 |
| 2020-04-29 | CVE-2020-12277 | Incorrect Default Permissions vulnerability in Gitlab GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. | 5.3 |
| 2020-04-29 | CVE-2020-8471 | Incorrect Default Permissions vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. | 7.8 |
| 2020-04-24 | CVE-2019-15793 | Incorrect Default Permissions vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. | 8.8 |
| 2020-04-23 | CVE-2020-12118 | Incorrect Default Permissions vulnerability in Binance Tss-Lib 1.0.0/1.1.0/1.1.1 The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. | 8.2 |
| 2020-04-23 | CVE-2020-8798 | Incorrect Default Permissions vulnerability in Juplink Rx4-1500 Firmware 1.0.3/1.0.4/1.0.5 httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. | 5.5 |
| 2020-04-23 | CVE-2020-12075 | Incorrect Default Permissions vulnerability in Supsystic Data Tables Generator The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. | 8.8 |