Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-06-07 CVE-2022-30747 Incorrect Default Permissions vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
local
low complexity
samsung CWE-276
5.5
2022-06-02 CVE-2022-28702 Incorrect Default Permissions vulnerability in ABB E-Design
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.
local
low complexity
abb CWE-276
5.5
2022-06-02 CVE-2022-29483 Incorrect Default Permissions vulnerability in ABB E-Design
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.
local
low complexity
abb CWE-276
7.8
2022-06-02 CVE-2022-31500 Incorrect Default Permissions vulnerability in Knime Analytics Platform
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.
local
low complexity
knime CWE-276
7.8
2022-05-23 CVE-2022-28999 Incorrect Default Permissions vulnerability in Bloodshed Dev-C++ 4.9.9.2
Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe.
network
low complexity
bloodshed CWE-276
8.8
2022-05-23 CVE-2022-29376 Incorrect Default Permissions vulnerability in Apachefriends Xampp
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
network
low complexity
apachefriends CWE-276
8.8
2022-05-23 CVE-2022-28932 Incorrect Default Permissions vulnerability in Dlink Dsl-G2452Dg Firmware
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
network
low complexity
dlink CWE-276
critical
9.8
2022-05-20 CVE-2022-29178 Incorrect Default Permissions vulnerability in Cilium
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads.
local
low complexity
cilium CWE-276
8.2
2022-05-17 CVE-2022-29162 Incorrect Default Permissions vulnerability in multiple products
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
local
low complexity
linuxfoundation fedoraproject CWE-276
7.8
2022-05-17 CVE-2022-0486 Incorrect Default Permissions vulnerability in Fidelissecurity Deception and Network
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user.
local
low complexity
fidelissecurity CWE-276
7.8