Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-04-26 CVE-2022-28218 Incorrect Default Permissions vulnerability in Ciphermail Webmail Messenger
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4.
local
low complexity
ciphermail CWE-276
5.5
2022-04-22 CVE-2021-3722 Incorrect Default Permissions vulnerability in Lenovo Pcmanager
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.
local
low complexity
lenovo CWE-276
5.0
2022-04-21 CVE-2022-20732 Incorrect Default Permissions vulnerability in Cisco Virtualized Infrastructure Manager 3.6.0/4.0.0
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device.
local
low complexity
cisco CWE-276
7.8
2022-04-21 CVE-2022-29547 Incorrect Default Permissions vulnerability in Mediawiki Createredirect
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page.
network
low complexity
mediawiki CWE-276
7.5
2022-04-20 CVE-2021-43986 Incorrect Default Permissions vulnerability in Fanuc Roboguide 9.40083.00.05
The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.
local
high complexity
fanuc CWE-276
7.0
2022-04-19 CVE-2022-26595 Incorrect Default Permissions vulnerability in Liferay Digital Experience Platform and Liferay Portal
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.
network
low complexity
liferay CWE-276
4.3
2022-04-18 CVE-2011-1762 Incorrect Default Permissions vulnerability in Wordpress
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts.
network
low complexity
wordpress CWE-276
6.5
2022-04-18 CVE-2022-27652 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions.
5.3
2022-04-12 CVE-2021-39794 Incorrect Default Permissions vulnerability in Google Android 11.0/12.0/12.1
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check.
local
low complexity
google CWE-276
7.8
2022-04-11 CVE-2022-24804 Incorrect Default Permissions vulnerability in Discourse
Discourse is an open source platform for community discussion.
network
low complexity
discourse CWE-276
5.3