Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-12 | CVE-2022-20272 | Incorrect Default Permissions vulnerability in Google Android 13.0 In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. | 5.5 |
| 2022-08-11 | CVE-2022-20246 | Incorrect Default Permissions vulnerability in Google Android 13.0.0 In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. | 7.8 |
| 2022-08-10 | CVE-2022-37003 | Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI The AOD module has a vulnerability in permission assignment. | 9.8 |
| 2022-08-10 | CVE-2022-37006 | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos Permission control vulnerability in the network module. | 7.5 |
| 2022-08-04 | CVE-2022-37030 | Incorrect Default Permissions vulnerability in Grommunio Gromox Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | 7.8 |
| 2022-07-20 | CVE-2022-22424 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. | 5.5 |
| 2022-07-12 | CVE-2022-2366 | Incorrect Default Permissions vulnerability in Mattermost Server Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers. | 5.3 |
| 2022-07-12 | CVE-2022-30753 | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0 Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | 3.3 |
| 2022-07-12 | CVE-2022-30758 | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0 Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | 5.5 |
| 2022-07-12 | CVE-2022-34737 | Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI The application security module has a vulnerability in permission assignment. | 9.1 |