Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2020-04-24 CVE-2019-15793 Incorrect Default Permissions vulnerability in multiple products
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations that shift IDs (translating user/group IDs before performing operations in the lower filesystem) were translating them into init_user_ns, whereas they should have translated them into the s_user_ns of the lower filesystem.
local
low complexity
linux canonical CWE-276
8.8
2020-04-23 CVE-2020-12118 Incorrect Default Permissions vulnerability in Binance tss-lib 1.0.0/1.1.0/1.1.1
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.
network
low complexity
binance CWE-276
8.2
2020-04-23 CVE-2020-8798 Incorrect Default Permissions vulnerability in Juplink RX4-1500 Firmware 1.0.3/1.0.4/1.0.5
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.
local
low complexity
juplink CWE-276
5.5
2020-04-23 CVE-2020-12075 Incorrect Default Permissions vulnerability in Supsystic Data Tables Generator
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.
network
low complexity
supsystic CWE-276
8.8
2020-04-22 CVE-2020-11692 Incorrect Default Permissions vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
network
low complexity
jetbrains CWE-276
2.7
2020-04-22 CVE-2020-11689 Incorrect Default Permissions vulnerability in JetBrains TeamCity
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
network
low complexity
jetbrains CWE-276
6.5
2020-04-15 CVE-2020-0547 Incorrect Default Permissions vulnerability in Intel Data Migration 3.3
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2020-04-15 CVE-2020-4274 Incorrect Default Permissions vulnerability in IBM QRadar Security Information and Event Manager
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks.
network
low complexity
ibm CWE-276
5.4
2020-04-15 CVE-2020-4270 Incorrect Default Permissions vulnerability in IBM QRadar Security Information and Event Manager
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions.
local
low complexity
ibm CWE-276
7.8
2020-04-14 CVE-2019-14326 Incorrect Default Permissions vulnerability in Andyroid Andy OS 46.11.113
An issue was discovered in AndyOS Andy versions up to 46.11.113.
local
low complexity
andyroid CWE-276
7.8