Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-23104 | Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. | 4.4 |
| 2022-02-24 | CVE-2022-23922 | Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | 4.4 |
| 2022-02-20 | CVE-2021-45083 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.1 |
| 2022-02-18 | CVE-2021-3948 | Incorrect Default Permissions vulnerability in multiple products An incorrect default permissions vulnerability was found in the mig-controller. | 6.3 |
| 2022-02-17 | CVE-2021-3155 | Incorrect Default Permissions vulnerability in Canonical Snapd snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. | 2.1 |
| 2022-02-11 | CVE-2021-20001 | Incorrect Default Permissions vulnerability in multiple products It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 7.5 |
| 2022-02-11 | CVE-2020-14521 | Incorrect Default Permissions vulnerability in Mitsubishielectric products Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. | 9.8 |
| 2022-02-11 | CVE-2021-39635 | Incorrect Default Permissions vulnerability in Google Android ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634 | 9.1 |
| 2022-02-11 | CVE-2021-39658 | Incorrect Default Permissions vulnerability in Google Android ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207 | 9.8 |
| 2022-02-11 | CVE-2022-23995 | Incorrect Default Permissions vulnerability in Samsung Wear OS Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | 4.3 |