Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-06 | CVE-2022-26235 | Incorrect Default Permissions vulnerability in Beckmancoulter Remisol Advance 2.0.12.1 A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. | 7.8 |
| 2022-09-23 | CVE-2022-3263 | Incorrect Default Permissions vulnerability in Measuresoft Scadapro Server 6.7 The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | 7.8 |
| 2022-09-20 | CVE-2021-46834 | Incorrect Default Permissions vulnerability in Huawei Jad-Al50 Firmware 102.0.0.225(C00E220R3P4) A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. | 5.5 |
| 2022-09-19 | CVE-2022-38764 | Incorrect Default Permissions vulnerability in Trendmicro Housecall 1.62.1.1133 A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. | 7.8 |
| 2022-09-13 | CVE-2022-38466 | Incorrect Default Permissions vulnerability in Siemens Coreshield One-Way Gateway A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). | 7.8 |
| 2022-09-09 | CVE-2022-2528 | Incorrect Default Permissions vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | 6.5 |
| 2022-09-07 | CVE-2022-31251 | Incorrect Default Permissions vulnerability in Opensuse Factory A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. | 6.3 |
| 2022-09-06 | CVE-2022-40109 | Incorrect Default Permissions vulnerability in Totolink A3002R Firmware 1.1.1B20200824.0128 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | 9.8 |
| 2022-09-02 | CVE-2022-36640 | Incorrect Default Permissions vulnerability in Influxdata Influxdb influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. | 9.8 |
| 2022-09-01 | CVE-2022-32743 | Incorrect Default Permissions vulnerability in multiple products Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | 7.5 |