Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-12-08 CVE-2022-45118 Incorrect Default Permissions vulnerability in Openharmony
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set.
local
low complexity
openharmony CWE-276
5.5
2022-12-06 CVE-2022-46382 Incorrect Default Permissions vulnerability in Rackn Digital Rebar
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions.
network
low complexity
rackn CWE-276
8.8
2022-12-02 CVE-2022-45562 Incorrect Default Permissions vulnerability in Telosalliance Omnia MPX Node Firmware
Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.
network
low complexity
telosalliance CWE-276
8.8
2022-12-01 CVE-2022-42718 Incorrect Default Permissions vulnerability in NI Labview Command Line Interface
Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
ni CWE-276
7.8
2022-11-28 CVE-2022-4020 Incorrect Default Permissions vulnerability in Acer products
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
local
low complexity
acer CWE-276
8.2
2022-11-15 CVE-2022-42130 Incorrect Default Permissions vulnerability in Liferay Digital Experience Platform and Liferay Portal
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.
network
low complexity
liferay CWE-276
4.3
2022-11-15 CVE-2022-42127 Incorrect Default Permissions vulnerability in Liferay Digital Experience Platform and Liferay Portal
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.
network
low complexity
liferay CWE-276
5.3
2022-11-15 CVE-2022-42128 Incorrect Default Permissions vulnerability in Liferay Digital Experience Platform and Liferay Portal
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
network
low complexity
liferay CWE-276
5.3
2022-11-11 CVE-2022-36367 Incorrect Default Permissions vulnerability in Intel Support 21.7.40
Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access.
local
low complexity
intel CWE-276
4.4
2022-11-11 CVE-2022-36377 Incorrect Default Permissions vulnerability in Intel NUC KIT Wireless Adapter Driver Installer
Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8