Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-01 | CVE-2019-17053 | Incorrect Default Permissions vulnerability in Linux Kernel ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | 3.3 |
| 2019-10-01 | CVE-2019-17052 | Incorrect Default Permissions vulnerability in multiple products ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | 3.3 |
| 2019-09-27 | CVE-2018-19592 | Incorrect Default Permissions vulnerability in Corsair Link 4.9.7.35 The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. | 7.8 |
| 2019-09-25 | CVE-2019-12670 | Incorrect Default Permissions vulnerability in Cisco IOS 16.10.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. | 6.7 |
| 2019-09-19 | CVE-2019-3689 | Incorrect Default Permissions vulnerability in Linux-Nfs Nfs-Utils The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. | 9.8 |
| 2019-09-18 | CVE-2019-9679 | Incorrect Default Permissions vulnerability in Dahuasecurity products Some of Dahua's Debug functions do not have permission separation. | 8.8 |
| 2019-09-16 | CVE-2019-16355 | Incorrect Default Permissions vulnerability in Beego 1.10.0 The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | 5.5 |
| 2019-09-10 | CVE-2019-16106 | Incorrect Default Permissions vulnerability in Humanica Humatrix 1.0.0.681/7.1.0.0.203 The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. | 7.5 |
| 2019-09-09 | CVE-2019-16186 | Incorrect Default Permissions vulnerability in Limesurvey In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | 7.2 |
| 2019-09-09 | CVE-2019-16185 | Incorrect Default Permissions vulnerability in Limesurvey In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | 7.2 |