Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-05-02 CVE-2022-30759 Incorrect Default Permissions vulnerability in Nokia One-Nds 20.9
In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.
network
low complexity
nokia CWE-276
8.8
8.8
2023-05-01 CVE-2023-27035 Incorrect Default Permissions vulnerability in Obsidian 1.1.9
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.
network
low complexity
obsidian CWE-276
7.5
7.5
2023-05-01 CVE-2022-4568 Incorrect Default Permissions vulnerability in Lenovo System Update
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
local
high complexity
lenovo CWE-276
7.0
7.0
2023-04-28 CVE-2022-38583 Incorrect Default Permissions vulnerability in Sage 300
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator.
local
low complexity
sage CWE-276
7.8
7.8
2023-04-25 CVE-2022-31244 Incorrect Default Permissions vulnerability in Nokia One-Network Directory Server 17R2
Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.
local
low complexity
nokia CWE-276
7.8
7.8
2023-04-19 CVE-2023-29923 Incorrect Default Permissions vulnerability in Powerjob 4.3.1
PowerJob V4.3.1 is vulnerable to Insecure Permissions.
network
low complexity
powerjob CWE-276
5.3
5.3
2023-04-14 CVE-2023-26918 Incorrect Default Permissions vulnerability in Filereplicationpro File Replication PRO 7.5.0
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem.
network
low complexity
filereplicationpro CWE-276
critical
 9.8
9.8
2023-04-04 CVE-2023-25355 Incorrect Default Permissions vulnerability in Coredial Sipxcom
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions.
network
low complexity
coredial CWE-276
8.8
8.8
2023-04-01 CVE-2023-0181 Incorrect Default Permissions vulnerability in Nvidia Virtual GPU
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.
local
low complexity
nvidia CWE-276
7.1
7.1
2023-03-27 CVE-2022-48360 Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos
The facial recognition module has a vulnerability in file permission control.
network
low complexity
huawei CWE-276
7.5
7.5