Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-44548 Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos
There is a vulnerability in permission verification during the Bluetooth pairing process.
low complexity
huawei CWE-276
4.3
2022-11-09 CVE-2022-44561 Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos
The preset launcher module has a permission verification vulnerability.
network
low complexity
huawei CWE-276
7.5
2022-11-08 CVE-2022-34824 Incorrect Default Permissions vulnerability in NEC products
Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
network
low complexity
nec CWE-276
critical
9.8
2022-11-03 CVE-2022-43574 Incorrect Default Permissions vulnerability in IBM products
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations.
network
low complexity
ibm CWE-276
7.5
2022-11-01 CVE-2020-36605 Incorrect Default Permissions vulnerability in Hitachi products
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.
local
low complexity
hitachi CWE-276
4.4
2022-10-21 CVE-2020-5355 Incorrect Default Permissions vulnerability in Dell EMC Isilon Onefs
The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding.
network
low complexity
dell CWE-276
4.3
2022-10-18 CVE-2022-36438 Incorrect Default Permissions vulnerability in Asus Asusswitch and System Control Interface
AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily).
local
low complexity
asus CWE-276
7.8
2022-10-14 CVE-2022-42464 Incorrect Default Permissions vulnerability in Openharmony
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver.
local
low complexity
openharmony CWE-276
7.8
2022-10-14 CVE-2022-36803 Incorrect Default Permissions vulnerability in Atlassian Jira Align
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin.
network
low complexity
atlassian CWE-276
8.8
2022-10-13 CVE-2022-40187 Incorrect Default Permissions vulnerability in multiple products
Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled.
8.0