Incorrect Default Permissions Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-05-03 CVE-2023-28724 Incorrect Default Permissions vulnerability in F5 products
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-276
7.1
2023-05-02 CVE-2022-30759 Incorrect Default Permissions vulnerability in Nokia One-Nds
In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.
network
low complexity
nokia CWE-276
8.8
2023-05-01 CVE-2023-27035 Incorrect Default Permissions vulnerability in Obsidian 1.1.9
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio, and cause other unspecified impacts via an embedded website on the canvas page.
network
low complexity
obsidian CWE-276
7.5
2023-05-01 CVE-2022-4568 Incorrect Default Permissions vulnerability in Lenovo System Update
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
local
low complexity
lenovo CWE-276
7.8
2023-04-28 CVE-2022-38583 Incorrect Default Permissions vulnerability in Sage 300 2020/2021/2022
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator.
local
low complexity
sage CWE-276
7.8
2023-04-25 CVE-2022-31244 Incorrect Default Permissions vulnerability in Nokia One-Network Directory Server 17R2
Nokia OneNDS 17r2 has an Insecure Permissions vulnerability that allows for privilege escalation.
local
low complexity
nokia CWE-276
7.8
2023-04-19 CVE-2023-29923 Incorrect Default Permissions vulnerability in Powerjob 4.3.1
PowerJob V4.3.1 is vulnerable to Insecure Permissions.
network
low complexity
powerjob CWE-276
5.3
2023-04-17 CVE-2023-28966 Incorrect Default Permissions vulnerability in Juniper Junos OS Evolved
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root.
local
low complexity
juniper CWE-276
7.8
2023-04-14 CVE-2023-26918 Incorrect Default Permissions vulnerability in Filereplicationpro File Replication PRO 7.5.0
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem.
network
low complexity
filereplicationpro CWE-276
critical
9.8
2023-04-06 CVE-2023-25542 Incorrect Default Permissions vulnerability in Dell Trusted Device Agent
Dell Trusted Device Agent, versions prior to 5.3.0, contains an improper installation permissions vulnerability.
local
low complexity
dell CWE-276
7.8