Vulnerabilities > Incorrect Default Permissions

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-12-27 | CVE-2013-4763 | Incorrect Default Permissions vulnerability in Samsung Galaxy S3 Firmware and Galaxy S4 Firmware | Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | local | low complexity | samsung | CWE-276 | 2.1 |
| 2019-12-19 | CVE-2019-8256 | Incorrect Default Permissions vulnerability in Adobe Coldfusion 2018 | ColdFusion versions Update 6 and earlier have an insecure inherited permissions vulnerability in the default installation directory. | network | low complexity | adobe | CWE-276 | 7.5 |
| 2019-12-18 | CVE-2019-11097 | Incorrect Default Permissions vulnerability in Intel Trusted Execution Engine Firmware | Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | local | low complexity | intel | CWE-276 | 4.6 |
| 2019-12-18 | CVE-2019-19724 | Incorrect Default Permissions vulnerability in Sylabs Singularity | Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (versions 3.3.0 to 3.5.1), which could lead to an information leak and malicious redirection of operations performed against Sylabs cloud services. | network | low complexity | sylabs | CWE-276 | 5.0 |
| 2019-12-18 | CVE-2019-8731 | Incorrect Default Permissions vulnerability in Apple Iphone OS | A permissions issue existed in which execute permission was incorrectly granted. | network | | apple | CWE-276 | 4.3 |
| 2019-12-17 | CVE-2019-17334 | Incorrect Default Permissions vulnerability in Tibco products | The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. | network | | tibco | CWE-276 | 6.0 |
| 2019-12-17 | CVE-2019-19675 | Incorrect Default Permissions vulnerability in Ivanti Workspace Control | In Ivanti Workspace Control before 10.3.180.0. | local | | ivanti | CWE-276 | 4.4 |
| 2019-12-17 | CVE-2019-16559 | Incorrect Default Permissions vulnerability in Jenkins Websphere Deployer | A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | network | low complexity | jenkins | CWE-276 | 5.4 |
| 2019-12-17 | CVE-2019-16554 | Incorrect Default Permissions vulnerability in Jenkins Build Failure Analyzer | A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | network | low complexity | jenkins | CWE-276 | 4.3 |
| 2019-12-17 | CVE-2019-16552 | Incorrect Default Permissions vulnerability in Jenkins Gerrit Trigger | A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | network | low complexity | jenkins | CWE-276 | 5.4 |