Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-8731 | Incorrect Default Permissions vulnerability in Apple Iphone OS A permissions issue existed in which execute permission was incorrectly granted. | 5.5 |
| 2019-12-17 | CVE-2019-17334 | Incorrect Default Permissions vulnerability in Tibco products The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. | 8.0 |
| 2019-12-17 | CVE-2019-19675 | Incorrect Default Permissions vulnerability in Ivanti Workspace Control In Ivanti Workspace Control before 10.3.180.0. | 7.8 |
| 2019-12-17 | CVE-2019-16559 | Incorrect Default Permissions vulnerability in Jenkins Websphere Deployer A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 5.4 |
| 2019-12-17 | CVE-2019-16554 | Incorrect Default Permissions vulnerability in Jenkins Build Failure Analyzer A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | 4.3 |
| 2019-12-17 | CVE-2019-16552 | Incorrect Default Permissions vulnerability in Jenkins Gerrit Trigger A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | 5.4 |
| 2019-12-17 | CVE-2019-19712 | Incorrect Default Permissions vulnerability in Contao Contao 4.0 through 4.8.5 has Insecure Permissions. | 5.3 |
| 2019-12-17 | CVE-2019-15011 | Incorrect Default Permissions vulnerability in Atlassian Application Links The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check. | 4.3 |
| 2019-12-16 | CVE-2019-14605 | Incorrect Default Permissions vulnerability in Intel Setup and Configuration Software Platform Discovery Utility Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. | 7.8 |
| 2019-12-16 | CVE-2019-14603 | Incorrect Default Permissions vulnerability in Intel Quartus Prime Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |