Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2021-34182 Incorrect Default Permissions vulnerability in Ttyd Project Ttyd 1.6.3
An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions.
network
low complexity
ttyd-project CWE-276
critical
9.8
2023-02-17 CVE-2022-40232 Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls.
network
low complexity
ibm CWE-276
8.8
2023-02-16 CVE-2022-33196 Incorrect Default Permissions vulnerability in Intel products
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
6.7
2023-02-16 CVE-2022-36397 Incorrect Default Permissions vulnerability in Intel Quickassist Technology 1.0.4000004/1.7.L.4.10.0/4.2
Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2023-02-15 CVE-2023-23848 Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-276
4.3
2023-02-15 CVE-2023-23850 Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity
A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-276
4.3
2023-02-14 CVE-2023-22931 Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions.
network
low complexity
splunk CWE-276
4.3
2023-02-13 CVE-2022-45454 Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect
Sensitive information disclosure due to insecure folder permissions.
network
low complexity
acronis CWE-276
7.5
2023-02-09 CVE-2023-21433 Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
local
low complexity
samsung CWE-276
7.8
2023-02-07 CVE-2022-31254 Incorrect Default Permissions vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root.
local
low complexity
opensuse CWE-276
7.8