Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-01-17 CVE-2020-36611 Incorrect Default Permissions vulnerability in Hitachi Tuning Manager
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00.
local
low complexity
hitachi CWE-276
7.1
2022-12-22 CVE-2022-29909 Incorrect Default Permissions vulnerability in Mozilla Thunderbird
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.
network
low complexity
mozilla CWE-276
8.8
2022-12-20 CVE-2022-47551 Incorrect Default Permissions vulnerability in Apiman
Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API.
network
low complexity
apiman CWE-276
6.5
2022-12-13 CVE-2022-20611 Incorrect Default Permissions vulnerability in Google Android
In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass.
local
low complexity
google CWE-276
7.8
2022-12-12 CVE-2022-42446 Incorrect Default Permissions vulnerability in Hcltech Sametime 12.0
Starting with Sametime 12, anonymous users are enabled by default.
network
low complexity
hcltech CWE-276
6.5
2022-12-08 CVE-2022-45118 Incorrect Default Permissions vulnerability in Openharmony
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set.
local
low complexity
openharmony CWE-276
5.5
2022-12-06 CVE-2022-46382 Incorrect Default Permissions vulnerability in Rackn Digital Rebar
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions.
network
low complexity
rackn CWE-276
8.8
2022-12-02 CVE-2022-45562 Incorrect Default Permissions vulnerability in Telosalliance Omnia MPX Node Firmware
Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.
network
low complexity
telosalliance CWE-276
8.8
2022-12-01 CVE-2022-42718 Incorrect Default Permissions vulnerability in NI Labview Command Line Interface
Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
ni CWE-276
7.8
2022-11-28 CVE-2022-4020 Incorrect Default Permissions vulnerability in Acer products
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
local
low complexity
acer CWE-276
8.2