Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-33966 Incorrect Default Permissions vulnerability in Deno and Deno Runtime
Deno is a runtime for JavaScript and TypeScript.
network
low complexity
deno CWE-276
critical
9.8
2023-05-31 CVE-2023-2749 Incorrect Default Permissions vulnerability in Asustor Download Center
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions.
network
low complexity
asustor CWE-276
7.5
2023-05-30 CVE-2023-29731 Incorrect Default Permissions vulnerability in Loka Solive 1.6.14/1.6.16/1.6.20
SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file.
network
low complexity
loka CWE-276
7.5
2023-05-30 CVE-2023-29732 Incorrect Default Permissions vulnerability in Loka Solive 1.6.14/1.6.16/1.6.20
SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file.
network
low complexity
loka CWE-276
critical
9.8
2023-05-30 CVE-2023-32698 Incorrect Default Permissions vulnerability in Goreleaser Nfpm
nFPM is an alternative to fpm.
local
low complexity
goreleaser CWE-276
7.1
2023-05-28 CVE-2023-33291 Incorrect Default Permissions vulnerability in Ebankit 6
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation.
network
high complexity
ebankit CWE-276
7.4
2023-05-23 CVE-2023-29919 Incorrect Default Permissions vulnerability in Contec Solarview Compact Firmware 4.0/5.0
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions.
network
low complexity
contec CWE-276
critical
9.1
2023-05-22 CVE-2023-29838 Incorrect Default Permissions vulnerability in Allwaysync 19.0.3.0
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.
local
low complexity
allwaysync CWE-276
7.8
2023-05-18 CVE-2022-45452 Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect
Local privilege escalation due to insecure folder permissions.
local
low complexity
acronis CWE-276
7.8
2023-05-18 CVE-2022-45459 Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect
Sensitive information disclosure due to insecure registry permissions.
network
low complexity
acronis CWE-276
7.5