Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-36397 Incorrect Default Permissions vulnerability in Intel Quickassist Technology 1.0.4000004/1.7.L.4.10.0/4.2
Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2023-02-15 CVE-2023-23848 Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-276
4.3
2023-02-15 CVE-2023-23850 Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity
A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-276
4.3
2023-02-14 CVE-2023-22931 Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions.
network
low complexity
splunk CWE-276
4.3
2023-02-13 CVE-2022-45454 Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect
Sensitive information disclosure due to insecure folder permissions.
network
low complexity
acronis CWE-276
7.5
2023-02-09 CVE-2023-21433 Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
local
low complexity
samsung CWE-276
7.8
2023-02-07 CVE-2022-31254 Incorrect Default Permissions vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1
An Incorrect Default Permissions vulnerability in the rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root.
local
low complexity
opensuse CWE-276
7.8
2023-02-01 CVE-2022-45099 Incorrect Default Permissions vulnerability in Dell EMC Powerscale Onefs
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for an NDMP password.
local
low complexity
dell CWE-276
7.8
2023-01-26 CVE-2022-3432 Incorrect Default Permissions vulnerability in Lenovo Ideapad Y700-14Isk Firmware
A potential vulnerability in a driver used during the manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
local
low complexity
lenovo CWE-276
6.7
2023-01-23 CVE-2022-3430 Incorrect Default Permissions vulnerability in Lenovo products
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
local
low complexity
lenovo CWE-276
6.7