Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-4065 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log.
local
low complexity
redhat CWE-276
5.5
2023-09-22 CVE-2022-4039 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled.
network
low complexity
redhat CWE-276
critical
9.8
2023-09-21 CVE-2023-42261 Incorrect Default Permissions vulnerability in Opensecurity Mobile Security Framework
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.
network
low complexity
opensecurity CWE-276
7.5
2023-09-20 CVE-2023-43496 Incorrect Default Permissions vulnerability in Jenkins
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier create a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
network
low complexity
jenkins CWE-276
8.8
2023-09-20 CVE-2023-5042 Incorrect Default Permissions vulnerability in Acronis Cyber Protect Home Office
Sensitive information disclosure due to insecure folder permissions.
network
low complexity
acronis CWE-276
7.5
2023-09-20 CVE-2023-4088 Incorrect Default Permissions vulnerability in Mitsubishielectric GX Works3
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering, and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
local
low complexity
mitsubishielectric CWE-276
7.8
2023-09-15 CVE-2022-3466 Incorrect Default Permissions vulnerability in multiple products
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600.
local
low complexity
kubernetes redhat CWE-276
5.3
2023-09-12 CVE-2023-37878 Incorrect Default Permissions vulnerability in Wftpserver Wing FTP Server
Insecure default permissions in Wing FTP Server (Admin Web Client) allow for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.
network
low complexity
wftpserver CWE-276
8.8
2023-09-11 CVE-2023-31067 Incorrect Default Permissions vulnerability in Tsplus Remote Access 16.0.0.0/16.0.2.14
An issue was discovered in TSplus Remote Access through 16.0.2.14.
network
low complexity
tsplus CWE-276
critical
9.8
2023-09-11 CVE-2023-31068 Incorrect Default Permissions vulnerability in Tsplus Remote Access 16.0.0.0
An issue was discovered in TSplus Remote Access through 16.0.2.14.
network
low complexity
tsplus CWE-276
critical
9.8