Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-27 | CVE-2022-43702 | Incorrect Default Permissions vulnerability in ARM products. When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | 7.8 |
2023-07-24 | CVE-2023-3323 | Incorrect Default Permissions vulnerability in ABB Zenon. A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. | 5.4 |
2023-07-18 | CVE-2020-36695 | Incorrect Default Permissions vulnerability in Hitachi products. Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation. This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08. | 7.8 |
2023-07-11 | CVE-2023-29131 | Incorrect Default Permissions vulnerability in Siemens SIMATIC CN 4100. A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). | 10.0 |
2023-07-07 | CVE-2023-32183 | Incorrect Default Permissions vulnerability in openSUSE Tumbleweed. Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed. | 7.8 |
2023-06-28 | CVE-2023-21512 | Incorrect Default Permissions vulnerability in Samsung Android 11.0/12.0/13.0. Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | 3.3 |
2023-06-28 | CVE-2023-20178 | Incorrect Default Permissions vulnerability in Cisco AnyConnect Secure Mobility Client and Secure Client. A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. | 7.8 |
2023-06-23 | CVE-2023-23344 | Incorrect Default Permissions vulnerability in HCLTech BigFix WebUI Insights 14. A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | 6.5 |
2023-06-16 | CVE-2023-25645 | Incorrect Default Permissions vulnerability in ZTE products. There is a permission and access control vulnerability in some ZTE AndroidTV STBs. | 7.7 |
2023-06-13 | CVE-2022-33877 | Incorrect Default Permissions vulnerability in Fortinet FortiClient and FortiConverter. An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. | 5.5 |