Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-09-09 CVE-2022-2528 Incorrect Default Permissions vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
network
low complexity
octopus CWE-276
6.5
2022-09-07 CVE-2022-31251 Incorrect Default Permissions vulnerability in Opensuse Factory
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root.
local
high complexity
opensuse CWE-276
6.3
2022-09-06 CVE-2022-40109 Incorrect Default Permissions vulnerability in Totolink A3002R Firmware 1.1.1B20200824.0128
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.
network
low complexity
totolink CWE-276
critical
9.8
2022-09-02 CVE-2022-36640 Incorrect Default Permissions vulnerability in Influxdata Influxdb
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands.
network
low complexity
influxdata CWE-276
critical
9.8
2022-09-01 CVE-2022-32743 Incorrect Default Permissions vulnerability in multiple products
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
network
low complexity
samba fedoraproject CWE-276
7.5
2022-08-30 CVE-2022-37173 Incorrect Default Permissions vulnerability in VIM Gvim 9.0.0000
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
local
low complexity
vim CWE-276
7.8
2022-08-29 CVE-2022-0336 Incorrect Default Permissions vulnerability in multiple products
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database.
network
low complexity
samba fedoraproject CWE-276
8.8
2022-08-23 CVE-2021-3917 Incorrect Default Permissions vulnerability in Redhat Coreos-Installer
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions.
local
low complexity
redhat CWE-276
5.5
2022-08-23 CVE-2021-3701 Incorrect Default Permissions vulnerability in Redhat Ansible Runner 2.0.0
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations.
local
low complexity
redhat CWE-276
6.6
2022-08-22 CVE-2021-37289 Incorrect Default Permissions vulnerability in Planex Mzk-Dp150N Firmware 1.42/1.43
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
network
low complexity
planex CWE-276
7.2