Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-07-20 CVE-2022-22424 Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions.
local
low complexity
ibm CWE-276
5.5
2022-07-12 CVE-2022-2366 Incorrect Default Permissions vulnerability in Mattermost Server
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
network
low complexity
mattermost CWE-276
5.3
2022-07-12 CVE-2022-30753 Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
local
low complexity
google CWE-276
3.3
2022-07-12 CVE-2022-30758 Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
local
low complexity
google CWE-276
5.5
2022-07-12 CVE-2022-34737 Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI
The application security module has a vulnerability in permission assignment.
network
low complexity
huawei CWE-276
critical
9.1
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
9.8
2022-07-07 CVE-2022-33996 Incorrect Default Permissions vulnerability in Devolutions Server
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
network
low complexity
devolutions CWE-276
8.8
2022-07-01 CVE-2022-2270 Incorrect Default Permissions vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1.
network
low complexity
gitlab CWE-276
5.3
2022-06-29 CVE-2022-33023 Incorrect Default Permissions vulnerability in Openhwgroup Cva6
CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.
network
low complexity
openhwgroup CWE-276
7.5
2022-06-24 CVE-2021-41635 Incorrect Default Permissions vulnerability in Melag FTP Server 2.2.0.4
When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.
network
low complexity
melag CWE-276
8.8