Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2020-03-19 CVE-2014-2721 Incorrect Default Permissions vulnerability in Fortinet products
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH.
network
low complexity
fortinet CWE-276
8.8
2020-03-12 CVE-2020-0514 Incorrect Default Permissions vulnerability in Intel Graphics Driver
Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2020-03-12 CVE-2020-0508 Incorrect Default Permissions vulnerability in Intel Graphics Driver
Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2020-03-12 CVE-2020-9543 Incorrect Default Permissions vulnerability in Openstack Manila
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID.
network
low complexity
openstack CWE-276
8.3
2020-03-11 CVE-2020-9408 Incorrect Default Permissions vulnerability in Tibco products
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted.
network
low complexity
tibco CWE-276
8.8
2020-03-09 CVE-2020-5342 Incorrect Default Permissions vulnerability in Dell Digital Delivery
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability.
local
low complexity
dell CWE-276
7.8
2020-03-03 CVE-2019-19792 Incorrect Default Permissions vulnerability in Eset Cyber Security
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.
local
low complexity
eset CWE-276
6.7
2020-02-27 CVE-2020-3838 Incorrect Default Permissions vulnerability in Apple products
The issue was addressed with improved permissions logic.
local
low complexity
apple CWE-276
7.8
2020-02-22 CVE-2020-9039 Incorrect Default Permissions vulnerability in Couchbase Server
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles.
network
low complexity
couchbase CWE-276
critical
9.8
2020-02-13 CVE-2020-0564 Incorrect Default Permissions vulnerability in Intel Raid web Console 3 4.186/7.009.011.000
Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8