Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2019-17103 Incorrect Default Permissions vulnerability in Bitdefender Antivirus
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories.
local
low complexity
bitdefender CWE-276
5.5
5.5
2020-01-24 CVE-2019-18900 Incorrect Default Permissions vulnerability in Opensuse Libzypp
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies.
local
low complexity
opensuse CWE-276
3.3
3.3
2020-01-24 CVE-2019-3687 Incorrect Default Permissions vulnerability in Suse Linux Enterprise Server
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic.
local
low complexity
suse CWE-276
3.3
3.3
2020-01-23 CVE-2019-19896 Incorrect Default Permissions vulnerability in Ixpdata Easyinstall 6.2.13723
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share.
network
low complexity
ixpdata CWE-276
critical
 9.9
9.9
2020-01-21 CVE-2019-19392 Incorrect Default Permissions vulnerability in Fordnn Usersexportimport
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data.
network
low complexity
fordnn CWE-276
critical
 9.8
9.8
2020-01-17 CVE-2019-14601 Incorrect Default Permissions vulnerability in Intel Raid web Console 3 4.186/7.009.011.000
Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
7.8
2020-01-14 CVE-2020-5196 Incorrect Default Permissions vulnerability in Cerberusftp FTP Server
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files.
network
low complexity
cerberusftp CWE-276
8.1
8.1
2020-01-10 CVE-2019-19475 Incorrect Default Permissions vulnerability in Zohocorp Manageengine Applications Manager 14.3
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360.
network
low complexity
zohocorp CWE-276
8.8
8.8
2020-01-09 CVE-2012-4434 Incorrect Default Permissions vulnerability in Cipherdyne Fwknop 2.0/2.0.1/2.0.2
fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.
network
low complexity
cipherdyne CWE-276
8.8
8.8
2020-01-09 CVE-2020-6166 Incorrect Default Permissions vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.
network
low complexity
webfactoryltd CWE-276
5.4
5.4