Vulnerabilities > Incorrect Default Permissions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-09 | CVE-2022-2528 | Incorrect Default Permissions vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | 6.5 |
2022-09-07 | CVE-2022-31251 | Incorrect Default Permissions vulnerability in Opensuse Factory A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. | 6.3 |
2022-09-06 | CVE-2022-40109 | Incorrect Default Permissions vulnerability in Totolink A3002R Firmware 1.1.1B20200824.0128 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | 9.8 |
2022-09-02 | CVE-2022-36640 | Incorrect Default Permissions vulnerability in Influxdata Influxdb influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. | 9.8 |
2022-09-01 | CVE-2022-32743 | Incorrect Default Permissions vulnerability in multiple products Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | 7.5 |
2022-08-30 | CVE-2022-37173 | Incorrect Default Permissions vulnerability in VIM Gvim 9.0.0000 An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | 7.8 |
2022-08-29 | CVE-2022-0336 | Incorrect Default Permissions vulnerability in multiple products The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. | 8.8 |
2022-08-23 | CVE-2021-3917 | Incorrect Default Permissions vulnerability in Redhat Coreos-Installer A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. | 5.5 |
2022-08-23 | CVE-2021-3701 | Incorrect Default Permissions vulnerability in Redhat Ansible Runner 2.0.0 A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. | 6.6 |
2022-08-22 | CVE-2021-37289 | Incorrect Default Permissions vulnerability in Planex Mzk-Dp150N Firmware 1.42/1.43 Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp. | 7.2 |