Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-21957 | Incorrect Default Permissions vulnerability in AMD Management Console Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 7.3 |
| 2024-11-12 | CVE-2024-21958 | Incorrect Default Permissions vulnerability in AMD Provisioning Console Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 7.3 |
| 2024-11-06 | CVE-2024-34679 | Incorrect Default Permissions vulnerability in Samsung Android 14.0 Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. | 7.1 |
| 2024-11-01 | CVE-2024-9191 | Incorrect Default Permissions vulnerability in Okta Verify The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. | 7.8 |
| 2024-10-28 | CVE-2024-10469 | Incorrect Default Permissions vulnerability in Cert Vince VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. | 6.5 |
| 2024-10-22 | CVE-2024-7587 | Incorrect Default Permissions vulnerability in multiple products Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64. | 7.8 |
| 2024-10-18 | CVE-2024-47240 | Incorrect Default Permissions vulnerability in Dell Secure Connect Gateway 5.24.00.14 Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. | 6.3 |
| 2024-10-17 | CVE-2024-49389 | Incorrect Default Permissions vulnerability in Acronis Cyber Files Local privilege escalation due to insecure folder permissions. | 7.8 |
| 2024-10-11 | CVE-2024-39544 | An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentiality of the system. Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * 21.2-EVO before 21.2R3-S7-EVO, * 21.4-EVO before 21.4R3-S5-EVO, * 22.1-EVO before 22.1R3-S5-EVO, * 22.2-EVO before 22.2R3-S3-EVO, * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, * 22.4-EVO before 22.4R3-EVO, * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. | 5.0 |
| 2024-10-11 | CVE-2024-5474 | Incorrect Default Permissions vulnerability in Lenovo Dolby Vision Provisioning A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. | 5.5 |