Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-02-17 | CVE-2021-34164 | Incorrect Default Permissions vulnerability in Lizhifaka Project Lizhifaka 2.2.0 | Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | 8.8 |
2023-02-17 | CVE-2021-34182 | Incorrect Default Permissions vulnerability in Ttyd Project Ttyd 1.6.3 | An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | 9.8 |
2023-02-17 | CVE-2022-40232 | Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator | IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. | 8.8 |
2023-02-16 | CVE-2022-33196 | Incorrect Default Permissions vulnerability in Intel products | Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-02-16 | CVE-2022-36397 | Incorrect Default Permissions vulnerability in Intel Quickassist Technology 1.0.4000004/1.7.L.4.10.0/4.2 | Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-15 | CVE-2023-23848 | Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity | Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 |
2023-02-15 | CVE-2023-23850 | Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity | A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2023-02-14 | CVE-2023-22931 | Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform | In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. | 4.3 |
2023-02-13 | CVE-2022-45454 | Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect | Sensitive information disclosure due to insecure folder permissions. | 7.5 |
2023-02-09 | CVE-2023-21433 | Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8 | Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | 7.8 |