Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-10 | CVE-2022-45793 | Incorrect Default Permissions vulnerability in Omron Automation Software Sysmac Studio Sysmac Studio installs executables in a directory with poor permissions. | 7.8 |
2024-01-06 | CVE-2023-50612 | Incorrect Default Permissions vulnerability in Fit2Cloud Cloudexplorer Lite 1.4.1 Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | 7.8 |
2023-12-12 | CVE-2023-5536 | Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. | 6.4 |
2023-12-09 | CVE-2023-28870 | Incorrect Default Permissions vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | 6.5 |
2023-12-06 | CVE-2023-46773 | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos Permission management vulnerability in the PMS module. | 9.8 |
2023-12-05 | CVE-2023-37572 | Incorrect Default Permissions vulnerability in Softing OPC Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. | 7.5 |
2023-11-29 | CVE-2023-47462 | Incorrect Default Permissions vulnerability in Gl-Inet Gl-Ax1800 Firmware Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. | 9.8 |
2023-11-27 | CVE-2023-42501 | Incorrect Default Permissions vulnerability in Apache Superset Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. | 4.3 |
2023-11-22 | CVE-2023-47250 | Incorrect Default Permissions vulnerability in M-Privacy Mprivacy-Tools, Rsbac-Policy-Tgpro and Tightgatevnc In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. | 8.8 |
2023-11-22 | CVE-2023-43081 | Incorrect Default Permissions vulnerability in Dell Powerprotect Agent for File System PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. | 3.3 |