Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-0486 Incorrect Default Permissions vulnerability in Fidelissecurity Deception and Network
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user.
local
low complexity
fidelissecurity CWE-276
7.2
2022-05-17 CVE-2022-0997 Incorrect Default Permissions vulnerability in Fidelissecurity Deception and Network
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user.
local
low complexity
fidelissecurity CWE-276
7.2
2022-05-17 CVE-2022-24890 Incorrect Default Permissions vulnerability in Nextcloud Talk
Nextcloud Talk is a video and audio conferencing app for Nextcloud.
network
nextcloud CWE-276
3.5
2022-05-13 CVE-2022-30367 Incorrect Default Permissions vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0
Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.
5.5
2022-05-13 CVE-2022-30375 Incorrect Default Permissions vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img.
5.5
2022-05-12 CVE-2022-30594 Incorrect Default Permissions vulnerability in Linux Kernel
The Linux kernel before 5.17.2 mishandles seccomp permissions.
local
low complexity
linux CWE-276
4.6
2022-05-10 CVE-2022-20004 Incorrect Default Permissions vulnerability in Google Android
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation.
local
low complexity
google CWE-276
7.2
2022-05-06 CVE-2022-23802 Incorrect Default Permissions vulnerability in Ijoomla Guru 5.2.5
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions.
network
low complexity
ijoomla CWE-276
5.0
2022-04-28 CVE-2022-29585 Incorrect Default Permissions vulnerability in Mahara
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used.
network
low complexity
mahara CWE-276
5.0
2022-04-26 CVE-2022-28218 Incorrect Default Permissions vulnerability in Ciphermail Webmail Messenger
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4.
local
low complexity
ciphermail CWE-276
2.1