Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-37006 | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos Permission control vulnerability in the network module. | 7.5 |
| 2022-08-04 | CVE-2022-37030 | Incorrect Default Permissions vulnerability in Grommunio Gromox Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | 7.8 |
| 2022-07-20 | CVE-2022-22424 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. | 5.5 |
| 2022-07-12 | CVE-2022-2366 | Incorrect Default Permissions vulnerability in Mattermost Server Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers. | 5.3 |
| 2022-07-12 | CVE-2022-30753 | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0 Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | 3.3 |
| 2022-07-12 | CVE-2022-30758 | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0 Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | 5.5 |
| 2022-07-12 | CVE-2022-34737 | Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI The application security module has a vulnerability in permission assignment. | 9.1 |
| 2022-07-07 | CVE-2022-32207 | Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 9.8 |
| 2022-07-07 | CVE-2022-33996 | Incorrect Default Permissions vulnerability in Devolutions Server Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | 8.8 |
| 2022-07-01 | CVE-2022-2270 | Incorrect Default Permissions vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. | 5.3 |