Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-15 | CVE-2023-23850 | Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2023-02-14 | CVE-2023-22931 | Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. | 4.3 |
| 2023-02-13 | CVE-2022-45454 | Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect Sensitive information disclosure due to insecure folder permissions. | 7.5 |
| 2023-02-09 | CVE-2023-21433 | Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8 Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | 7.8 |
| 2023-02-07 | CVE-2022-31254 | Incorrect Default Permissions vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1 A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. | 7.8 |
| 2023-02-01 | CVE-2022-45099 | Incorrect Default Permissions vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. | 7.8 |
| 2023-01-26 | CVE-2022-3432 | Incorrect Default Permissions vulnerability in Lenovo Ideapad Y700-14Isk Firmware A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | 6.7 |
| 2023-01-23 | CVE-2022-3430 | Incorrect Default Permissions vulnerability in Lenovo products A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | 6.7 |
| 2023-01-20 | CVE-2022-1109 | Incorrect Default Permissions vulnerability in Lenovo Leyun An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service. | 7.5 |
| 2023-01-20 | CVE-2023-20043 | Incorrect Default Permissions vulnerability in Cisco CX Cloud Agent A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. | 6.7 |