Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-07-27 CVE-2022-43702 Incorrect Default Permissions vulnerability in ARM products
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.
local
low complexity
arm CWE-276
7.8
2023-07-18 CVE-2020-36695 Incorrect Default Permissions vulnerability in Hitachi products
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.
local
low complexity
hitachi CWE-276
7.8
2023-07-11 CVE-2023-29131 Incorrect Default Permissions vulnerability in Siemens Simatic CN 4100
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5).
network
low complexity
siemens CWE-276
critical
10.0
2023-06-28 CVE-2023-21512 Incorrect Default Permissions vulnerability in Samsung Android 11.0/12.0/13.0
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
local
low complexity
samsung CWE-276
3.3
2023-06-28 CVE-2023-20178 Incorrect Default Permissions vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.
local
low complexity
cisco CWE-276
7.8
2023-06-23 CVE-2023-23344 Incorrect Default Permissions vulnerability in Hcltech Bigfix Webui Insights 14
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
network
low complexity
hcltech CWE-276
6.5
2023-06-16 CVE-2023-25645 Incorrect Default Permissions vulnerability in ZTE products
There is a permission and access control vulnerability in some ZTE AndroidTV STBs.
local
low complexity
zte CWE-276
7.7
2023-06-13 CVE-2022-33877 Incorrect Default Permissions vulnerability in Fortinet Forticlient and Forticonverter
An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.
local
low complexity
fortinet CWE-276
5.5
2023-06-07 CVE-2023-31116 Incorrect Default Permissions vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.
network
low complexity
samsung CWE-276
critical
9.8
2023-06-07 CVE-2023-33282 Incorrect Default Permissions vulnerability in Marvalglobal MSM 15.0
Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials.
network
low complexity
marvalglobal CWE-276
critical
9.8